IRIX fam service allows an attacker to obtain a list of all files on the server.
Exploitability Analysis: Network
A vulnerability exploitable with network access means the vulnerable software is bound to
the network stack and the attacker does not require local network access or local access.
Such a vulnerability is often termed “remotely exploitable”. An example of a network
attack is an RPC buffer overflow.
Exploitability Complexity: Medium
The access conditions are somewhat specialized; the following are examples:
The attacking party is limited to a group of systems or users at some level of authorization, possibly untrusted.
Some information must be gathered before a successful attack can be launched.
The affected configuration is non-default, and is not commonly configured (e.g., a vulnerability present when a
server performs user account authentication via a specific scheme, but not present for another authentication scheme).
The attack requires a small amount of social engineering that might occasionally fool cautious users (e.g.,
phishing attacks that modify a web browser’s status bar to show a false link, having to be on someone’s “buddy”
list before sending an IM exploit).
Authentication is not required to access and exploit the vulnerability.
Confidentiality Impact: Complete
There is total information disclosure, resulting in all system files being revealed. The
attacker is able to read all of the system's data (memory, files, etc.).
Integrity Impact: None
There is no impact to the integrity of the system.
Availability Impact: None
There is no impact to the availability of the system.