IRIX-objectserver vulnerability

Impact

On vulnerable IRIX systems (versions 5.2, 5.3, 6.0-6.2), the objectserver daemon allows a remote attacker to create root-privileged accounts.

Background

The objectserver daemon contains a vulnerability which could allow a remote attacker to create user accounts on the system.

IRIX versions 5.0 through 6.2 have this vulnerability. Later versions do not have the Cadmin utilities and therefore are not affected.

Resolution

If the Cadmin utilities are not needed, disable the objectserver daemon through the chkconfig facility (i.e., /etc/chkconfig objectserver off) and then reboot the system.

If the Cadmin utilities are needed, apply an appropriate patch. Patch information is available from CIAC Bulletin K-030.
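
To confirm the resolution took effect, the following added example (not part of the original advisory) triages a host from its release string and its chkconfig flag listing. The function names, the verdict strings, the sample listing and the assumed "flag state" column layout are all constructed for illustration; the affected range used is the 5.0 through 6.2 span given under Background.

```shell
#!/bin/sh
# Added example: offline triage for the objectserver exposure.
# On a real host the inputs would be:
#   objectserver_verdict "$(uname -r)" "$(/etc/chkconfig)"
# Assumption: the listing carries one "flag state" pair per line.

# Constructed sample listing (not captured from a real system).
SAMPLE_LISTING='        Flag                 State
        ====                 =====
        nfs                  on
        objectserver         on
        verbose              off'

# Exit 0 if release $1 (e.g. "5.3") lies in 5.0 through 6.2.
irix_release_affected() {
    case "$1" in
        [0-9]*.[0-9]*) ;;
        *) return 1 ;;                     # not a dotted release string
    esac
    major=${1%%.*}
    rest=${1#*.}
    minor=${rest%%[!0-9]*}                 # keep only the leading digits
    case "$major:$minor" in
        *[!0-9:]*|:*|*:) return 1 ;;       # malformed: fail closed
    esac
    [ "$major" -eq 5 ] && return 0
    [ "$major" -eq 6 ] && [ "$minor" -le 2 ] && return 0
    return 1
}

# Print the state of flag $1 found in listing $2, or "absent".
flag_state() {
    state=$(printf '%s\n' "$2" | awk -v f="$1" '$1 == f { print $2; exit }')
    echo "${state:-absent}"
}

# Print one verdict for release $1 and listing $2.
objectserver_verdict() {
    if ! irix_release_affected "$1"; then echo "not-affected"; return 0; fi
    case "$(flag_state objectserver "$2")" in
        on)  echo "enabled-check-patch" ;; # daemon on: verify patch per K-030
        off) echo "disabled" ;;            # chkconfig mitigation in place
        *)   echo "unknown" ;;             # flag missing: inspect manually
    esac
}

objectserver_verdict 5.3 "$SAMPLE_LISTING"
```

A "disabled" verdict reflects only the configured flag; the daemon keeps running until the reboot the resolution calls for.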

Reference(s):

CVE Reference(s):