Routed append vulnerability allows remote file manipulation

Risk Level: Medium risk vulnerability  Medium

Check or Attack Name: RipAppend
Platforms: Unix, IRIX: 3.x, IRIX: 4.x, IRIX: 5.x, IRIX: 6.0.1, IRIX: 6.1, IRIX: 6.2, IRIX: 6.3, IRIX: 6.4, IRIX: 6.0
Description:

Many routed daemons that have been ported from the original 4.x BSD routed code have the ability for a packet to turn on debug mode, and to specify a debugging log file. Attackers can append data to system files without any checks on the permissions of the file.
Remedy:

Contact your vendor for fix information. IRIX users of affected but unsupported versions should upgrade to the latest release available for your hardware and then install the patch (if necessary). Other IRIX users should obtain and apply the following patches:

  • IRIX 5.3: 2770
  • IRIX 6.2: 1638
  • IRIX 6.3: 2413
  • IRIX 6.4: 2413
References:

Fyodor's Exploit World, routed trace file exploit, http://www.insecure.org/sploits/routed.tracefile.html

Rootshell Web Site, BSD 4.4 based routed trace file exploit, http://www.rootshell.com/archive-j457nxiqi3gq59dv/199801/riptrace.c.html

Silicon Graphics Inc. Security Advisory 19981004-01-PX, IRIX routed(1M) Vulnerability, ftp://sgigate.sgi.com/security/19981004-01-PX

CIAC Information Bulletin J-012, J-012: SGI IRIX routed(1M) Vulnerability, http://ciac.llnl.gov/ciac/bulletins/j-012.shtml
X-Force Logo
Know Your Risks