CERTA-2002-AVI-007

Vulnerability from certfr_avis - Published: - Updated:

Il est possible de saturer le disque dur de la machine par le biais du daemon nsd.

Description

Le daemon nsd (Unified Name Service Daemon) met en cache des informations relatives aux utilisateurs, groupes et machines, en puisant dans les fichiers de configuration locaux et en interrogeant les serveurs NIS, NIS+, LDAP, DNS sur le réseau.

nsd est installé par défaut sur toutes les versions 6.5.x d'Irix.

Une vulnérabilité présente dans une fonction de limitation du cache peut entrainer un déni de service par saturation du disque dur.

Solution

Appliquer le correctif de sécurité de SGI selon la version ou bien installer la version 6.12m/f :

http://support.sgi.com/colls/patches/tools/relstream/index.html

SGI Irix de la version 6.5.4 à la version 6.5.11.

Impacted products
Vendor Product Description
References

Show details on source website
To clipboard 

{
  "$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
  "affected_systems": [],
  "affected_systems_content": "\u003cP\u003eSGI Irix de la version 6.5.4 \u00e0 la version 6.5.11.\u003c/P\u003e",
  "content": "## Description\n\nLe daemon nsd (Unified Name Service Daemon) met en cache des\ninformations relatives aux utilisateurs, groupes et machines, en puisant\ndans les fichiers de configuration locaux et en interrogeant les\nserveurs NIS, NIS+, LDAP, DNS sur le r\u00e9seau.\n\nnsd est install\u00e9 par d\u00e9faut sur toutes les versions 6.5.x d\u0027Irix.\n\nUne vuln\u00e9rabilit\u00e9 pr\u00e9sente dans une fonction de limitation du cache peut\nentrainer un d\u00e9ni de service par saturation du disque dur.\n\n## Solution\n\nAppliquer le correctif de s\u00e9curit\u00e9 de SGI selon la version ou bien\ninstaller la version 6.12m/f :\n\n    http://support.sgi.com/colls/patches/tools/relstream/index.html\n",
  "cves": [],
  "links": [],
  "reference": "CERTA-2002-AVI-007",
  "revisions": [
    {
      "description": "version initiale.",
      "revision_date": "2002-01-17T00:00:00.000000"
    }
  ],
  "risks": [
    {
      "description": "D\u00e9ni de service"
    }
  ],
  "summary": "Il est possible de saturer le disque dur de la machine par le biais du\ndaemon nsd.\n",
  "title": "Vuln\u00e9rabilit\u00e9 du daemon \u003cTT\u003ensd\u003c/TT\u003e sous SGI Irix",
  "vendor_advisories": [
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 SGI num\u00e9ro 20020102-02-I",
      "url": "http://patches.sgi.com/support/free/security/advisories/20020102-02-I"
    }
  ]
}


Log in or create an account to share your comment.




Tags
Taxonomy of the tags.




Sightings

Author Source Type Date

Nomenclature

  • Seen: The vulnerability was mentioned, discussed, or observed by the user.
  • Confirmed: The vulnerability has been validated from an analyst's perspective.
  • Published Proof of Concept: A public proof of concept is available for this vulnerability.
  • Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
  • Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
  • Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
  • Not confirmed: The user expressed doubt about the validity of the vulnerability.
  • Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.



Detection rules are retrieved from Rulezet.