On vulnerable IRIX systems(version 5.2, 5.3, 6.0-6.2), objectserver
daemon allows a remote attacker to create root privileged accounts.
The objectserver daemon contains a vulnerability which could allow
a remote attacker to create user accounts on the system.
IRIX versions 5.0 through 6.2 have this vulnerability. Later versions
do not have the Cadmin utilities and therefore are not affected.
Disable the objectserver daemon if the Cadmin utilities are not needed by
disabling through the chkconfig facility (i.e., /etc/chkconfig objectserver off) and then rebooting the system.
If the Cadmin utilities are needed, apply an appropriate
patch Patch information is
CIAC Bulletin K-030.