sgi_pmcd_version

Performance Copilot Problems

Impact

Vulnerabilities exist in the Performance Copilot package, as supplied as part of IRIX 6.5. By default, IRIX will install the pmcd daemon, which is installed in /usr/etc. By default, no ACL's are present to limit access to this program. It listens on port 4321.

Background

Performance Copilot both exposes a large quantity of information, as well as providing a simple denial of service. From the post to Bugtraq: % pminfo -f -h sgi.victim.com filesys.mountdir lists all disks and their mount points, for instance.

Resolution

Disable the pmcd daemon by de-activating it through the chkconfig facility (i.e., /etc/chkconfig pmcd off) and then rebooting the system.