Rule: -- Sid: 2084 -- Summary: xfsmd -- Impact: Possible root access and code execution. -- Detailed Information: It is possible for an attacker to exploit some versions of the xfsmd daemon. Due to a programming error, the service does not correctly check for certain meta-characters and they are not stripped from the request. The xfsmd daemon is not installed by default on IRIX systems but it is part of an optional package. -- Affected Systems: IRIX 6.2 IRIX 6.3 IRIX 6.4 IRIX 6.5.x -- Attack Scenarios: Exploits are widely available. -- Ease of Attack: Simple -- False Positives: None Known -- False Negatives: None Known -- Corrective Action: Patches are NOT available for this issue. Disable and remove the xfsmd daemon. Uprade to the latest non affected version of the operating system -- Contributors: Sourcefire Research Team Brian Caswell <bmc@sourcefire.com> Nigel Houghton <nigel.houghton@sourcefire.com> -- Additional References: Bugtraq: http://www.securityfocus.com/bid/5075 CVE: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-0359 SGI IRIX: ftp://patches.sgi.com/support/free/security/advisories/20020606-01-I --
