Performance Copilot Problems

Impact

Vulnerabilities exist in the Performance Copilot package supplied as part of IRIX 6.5. By default, IRIX installs the pmcd daemon in /usr/etc. By default, no ACLs are present to limit access to this program, which listens on port 4321.

Background

Performance Copilot both exposes a large quantity of information and provides a simple denial of service. From the post to Bugtraq:

    % pminfo -f -h sgi.victim.com filesys.mountdir

lists all disks and their mount points, for instance.

Resolution

Disable the pmcd daemon by de-activating it through the chkconfig facility (i.e., /etc/chkconfig pmcd off) and then rebooting the system.