Overview
A vulnerability in the SGI IRIX PIOCSWATCH ioctl() function may allow local attackers to crash the operating system.
Description
SGI states that PIOCSWATCH ioctl "establishes or clears a set of watched areas in the traced process." According to SGI Security Advisory 20030603-01-P, a local attacker could crash the operating system by exploiting this vulnerability: It's been reported that non-root users can call the PIOCSWATCH ioctl() in its various invocations via a user space program and crash IRIX with a kernel panic. This could be used as a potential Denial of Service attack on the system. A local account on the system is required. |
Impact
A local attacker may be able to crash the operating system. |
Solution
The vendor encourages users to either upgrade to IRIX 6.5.21 (when it becomes available) or apply a patch as described in SGI Security Advisory 20030603-01-P. |
Vendor Information
CVSS Metrics
| Group | Score | Vector |
|---|---|---|
| Base | ||
| Temporal | ||
| Environmental |
References
Acknowledgements
Thanks to SGI for reporting this vulnerability.
This document was written by Ian A Finlay, and is based on information contained within the SGI Security Advisory 20030603-01-P.
Other Information
| CVE IDs: | CVE-2003-0175 |
| Severity Metric: | 2.16 |
| Date Public: | 2003-06-10 |
| Date First Published: | 2003-06-11 |
| Date Last Updated: | 2003-06-11 17:47 UTC |
| Document Revision: | 10 |