{"vuid":"VU#258632","idnumber":"258632","name":"SGI IRIX Embedded Support Partner (ESP) service rpc.espd contains buffer overflow","keywords":["SGI","IRIX","Embedded Support Partner","ESP","rpc.espd","esp","espd"],"overview":"There is a remotely-accessible buffer overflow in SGI IRIX systems running rpc.espd that may allow remote attackers to execute arbitrary code. The Embedded Support Partner daemon (rpc.espd) is enabled by default on all IRIX versions since 6.5.5.","clean_desc":"The Embedded Support Partner daemon (rpc.espd) is used by system administrators to manage large numbers of SGI systems running IRIX. It maintains state about the devices attached to IRIX systems on a network. The ESP daemon, rpc.espd, contains a buffer overflow condition that may allow remote attackers to execute arbitrary code with super user privileges on the target server. Internet Security Systems X-Force issued an advisory about this vulnerability on May 9, 2001, which is available at: http://xforce.iss.net/alerts/advise76.php The espd appears to also be accessible via a web interface listening on port 5555/tcp. It is unclear at this time whether the buffer overflow occurs as a result of a call to the RPC service or via the http interface.","impact":"A remote user may gain root privileges.","resolution":"Please see the following advisory from SGI, 20010501-01-P: ftp://patches.sgi.com/support/free/security/advisories/20010501-01-P","workarounds":"An excerpt from 20010501-01-P which includes a workaround: - --- Temporary Solution --- Although patches are available for this issue, it is realized that\nthere may be situations where installing the patches immediately may\nnot be possible. The steps below can be used to disable the rpc.espd daemon to prevent \nexploitation of this vulnerability until patches can be installed. 1) Become the root user on the system. % /bin/su -\n                Password: 2) Change the permissions on the rpc.espd daemon. 
# /bin/chmod -x /usr/etc/rpc.espd 3) Restart inetd to kill any vulnerable running daemons. # /etc/killall -HUP inetd 4) Return to previous level. # exit","sysaffected":"","thanks":"Mark Dowd of X-Force, Internet Security Systems, has been publicly credited for discovering this vulnerability.","author":"This document was written by Jeffrey S. Havrilla.","public":["ftp://patches.sgi.com/support/free/security/advisories/20010501-01-P","http://www.sgi.com/support/security/advisories.html","http://xforce.iss.net/alerts/advise76.php"],"cveids":["CVE-2001-0331"],"certadvisory":"","uscerttechnicalalert":null,"datecreated":"2001-05-09T18:19:45Z","publicdate":"2001-05-09T00:00:00Z","datefirstpublished":"2001-05-09T21:21:49Z","dateupdated":"2001-05-09T21:31:00Z","revision":6,"vrda_d1_directreport":"","vrda_d1_population":"","vrda_d1_impact":"","cam_widelyknown":"20","cam_exploitation":"0","cam_internetinfrastructure":"10","cam_population":"15","cam_impact":"20","cam_easeofexploitation":"10","cam_attackeraccessrequired":"20","cam_scorecurrent":"33.75","cam_scorecurrentwidelyknown":"33.75","cam_scorecurrentwidelyknownexploited":"56.25","ipprotocol":"","cvss_accessvector":"","cvss_accesscomplexity":"","cvss_authentication":null,"cvss_confidentialityimpact":"","cvss_integrityimpact":"","cvss_availabilityimpact":"","cvss_exploitablity":null,"cvss_remediationlevel":"","cvss_reportconfidence":"","cvss_collateraldamagepotential":"","cvss_targetdistribution":"","cvss_securityrequirementscr":"","cvss_securityrequirementsir":"","cvss_securityrequirementsar":"","cvss_basescore":"","cvss_basevector":"","cvss_temporalscore":"","cvss_environmentalscore":"","cvss_environmentalvector":"","metric":33.75,"vulnote":null}