SGI IRIX /usr/sbin/fmt Vulnerability

Original issue date: August 26, 1991
Last revised: September 18, 1997
Attached copyright statement

A complete revision history is at the end of this file.

The Computer Emergency Response Team/Coordination Center (CERT/CC) has received information concerning a vulnerability of mail messages in Silicon Graphics Computer Systems' IRIX versions prior to 4.0 (this includes all 3.2 and 3.3.* versions).  This problem has been fixed in version 4.0.

Information regarding the exploitation of this vulnerability is inherently disclosed by any discussion of the problem (including this Advisory) so we recommend taking immediate action. Until you are able to apply the patch, mail at your site is vulnerable to being read by any ordinary user logged in at that site.

Silicon Graphics has provided the enclosed patch instructions.


I. Description

A vulnerability exists such that IRIX pre-4.0 (e.g., 3.3.3) systems with the basic system software ("eoe1.sw.unix") installed can allow unauthorized read access to users' mail messages, by exploiting a configuration error in a standard system utility. Due to the ease of exploiting this vulnerability and the simplicity of the corrective action, the CERT/CC urges all sites to install the patch given below.

II. Impact

Anyone who can log in on a given IRIX pre-4.0 (3.2, 3.3, 3.3.*) system can read mail messages which have been delivered to any other user on that same system.

III. Solution

As "root", execute the following commands:
	chmod 755 /usr/sbin/fmt
        chown root.sys /usr/sbin/fmt
If system software should ever be reloaded from a 3.2 or 3.3.* installation tape or from a backup tape created before the patch was applied, repeat the above procedure immediately after the software has been reloaded, before enabling logins by normal users.

[Fixed in IRIX 4.0.]


The CERT/CC would like to thank Silicon Graphics for bringing this vulnerability and solution to our attention.



This document is available from: http://www.preview.cert.org/advisories/CA-1991-14.html

CERT/CC Contact Information

Email: cert@cert.org
Phone: +1 412-268-7090 (24-hour hotline)
Fax: +1 412-268-6989
Postal address:
CERT Coordination Center
Software Engineering Institute
Carnegie Mellon University
Pittsburgh PA 15213-3890
U.S.A.

CERT/CC personnel answer the hotline 08:00-17:00 EST(GMT-5) / EDT(GMT-4) Monday through Friday; they are on call for emergencies during other hours, on U.S. holidays, and on weekends.

Using encryption

We strongly urge you to encrypt sensitive information sent by email.  Our public PGP key is available from

If you prefer to use DES, please call the CERT hotline for more information.

Getting security information

CERT publications and other security information are available from our web site

* "CERT" and "CERT Coordination Center" are registered in the U.S. Patent and Trademark Office.


NO WARRANTY
Any material furnished by Carnegie Mellon University and the Software Engineering Institute is furnished on an "as is" basis. Carnegie Mellon University makes no warranties of any kind, either expressed or implied as to any matter including, but not limited to, warranty of fitness for a particular purpose or merchantability, exclusivity or results obtained from use of the material. Carnegie Mellon University does not make any warranty of any kind with respect to freedom from patent, trademark, or copyright infringement.


Conditions for use, disclaimers, and sponsorship information

Copyright 1991 Carnegie Mellon University.


Revision History
September 18,1997  Attached Copyright Statement