Tutorial - IRIX-objectserver vulnerability
IRIX-objectserver vulnerability
Impact
On vulnerable IRIX systems (versions 5.2, 5.3, 6.0-6.2), the objectserver
daemon allows a remote attacker to create root-privileged accounts.
Background
The objectserver daemon contains a vulnerability which could allow
a remote attacker to create user accounts on the system.
IRIX versions 5.0 through 6.2 have this vulnerability. Later versions
do not have the Cadmin utilities and therefore are not affected.
Resolution
If the Cadmin utilities are not needed, disable the objectserver daemon
through the chkconfig facility (i.e., /etc/chkconfig objectserver off) and then reboot the system.
If the Cadmin utilities are needed, apply an appropriate patch.
Patch information is available from CIAC Bulletin K-030.
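To confirm the chkconfig step across an inventory, the following added example (not part of the original advisory) classifies a host from its IRIX release string and a saved chkconfig listing. It assumes the listing is the "Flag / State" table printed by chkconfig with no arguments; the function names and the sample listing are constructed for illustration.

```shell
#!/bin/sh
# Added example: audit helper for the Resolution step above.
# Assumption: stdin is a saved `chkconfig` listing (Flag/State table).

# Constructed sample listing, not taken from a real host.
SAMPLE_LISTING='        Flag                 State
        ====                 =====
        nfs                  on
        objectserver         on
        verbose              off'

# Print the objectserver flag state: on, off, or absent.
objectserver_state() {
    awk '$1 == "objectserver" { print $2; found = 1 }
         END { if (!found) print "absent" }'
}

# True when the release falls in the 5.0 through 6.2 range
# that the Background section lists as affected.
release_in_range() {
    case "$1" in
        5.*|6.0|6.0.*|6.1|6.1.*|6.2|6.2.*) return 0 ;;
        *) return 1 ;;
    esac
}

# assess RELEASE < listing
# The flag only describes what starts at boot, so "flag-off" still
# needs the reboot the advisory calls for before the daemon is gone.
assess() {
    state=$(objectserver_state)
    if ! release_in_range "$1"; then
        echo "not-affected-release"
    elif [ "$state" = "on" ]; then
        echo "exposed"
    elif [ "$state" = "off" ]; then
        echo "flag-off"
    else
        echo "flag-absent"
    fi
}

# Stand-alone run against the constructed sample.
printf '%s\n' "$SAMPLE_LISTING" | assess 5.3
```

A host reported as exposed that still needs the Cadmin utilities falls under the patch path rather than the chkconfig path.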