| VID |
23034 |
| Severity |
30 |
| Port |
4321 |
| Protocol |
TCP |
| Class |
CoPilot |
| Detailed Description |
The service 'IRIX Performance Copilot' is running and may also allow a remote attacker to cause a denial of service via an extremely long string. Performance Co-Pilot, installed by default with IRIX 6.x, is a set of services developed by SGI to support system-level performance monitoring. It has traditionally been an IRIX product; however, SGI has made it open source and it is now available for Linux systems. The Performance Metrics Collector Daemon (PMCD) is a message routing server that controls communications between the client monitoring tools and the domain agents. The default configuration of PMCD allows a remote attacker to connect and retrieve information about the system, such as available memory, process lists, and file system mount points, and also to pass a large quantity of garbage data to the service, causing the system to consume all available memory.
% pminfo -f -h sgi.victim.com filesys.mountdir
lists all disks and their mount points, for instance.
% pmem -h sgi.victim.com
will return something looking much like a ps -ef: all processes with their owners and long argument lists.
% perl -e 'print " a" x 92834244,"\n";' | telnet sgi.victim.com 4321
will cause a denial of service on the victim.
* Note: This check does not perform an actual test for this vulnerability; it relies solely on the presence of the pmcd daemon on the remote server, so this might be a false positive.
* References: http://archives.neohapsis.com/archives/bugtraq/2000-04/0056.html
* Platforms Affected: IRIX 6.3, IRIX 6.4, IRIX 6.5, IRIX 6.5.1 ~ 6.5.10 |
| Recommendation |
Restrict access to PMCD, or disable the service if it is not needed.
An administrator can configure the service to allow or disallow connections based on IP address in the pmcd configuration file (/etc/pmcd.conf).
To disable the service:
1. Issue the following command as root: chkconfig pmcd off
2. Kill the pmcd process.
-- OR --
Upgrade to the latest version of IRIX (6.5.16 or later), or apply the appropriate patch for your system, as listed in SGI Security Advisory 20020407-01-I, ftp://patches.sgi.com/support/free/security/advisories/20020407-01-I |
| Related URL |
CVE-2000-0283,CVE-2000-1193 (CVE) |
| Related URL |
1106,4642 (SecurityFocus) |
| Related URL |
4283,4284 (ISS) |
|