IRIX-objectserver vulnerability


On vulnerable IRIX systems (versions 5.2, 5.3, 6.0-6.2), the objectserver daemon allows a remote attacker to create root-privileged accounts.


The objectserver daemon contains a vulnerability which could allow a remote attacker to create user accounts on the system.

IRIX versions 5.0 through 6.2 have this vulnerability. Later versions do not have the Cadmin utilities and therefore are not affected.


If the Cadmin utilities are not needed, disable the objectserver daemon through the chkconfig facility (i.e., /etc/chkconfig objectserver off) and then reboot the system.

If the Cadmin utilities are needed, apply an appropriate patch. Patch information is available from CIAC Bulletin K-030.
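
A host audit check for the mitigation above, as an added example that is not part of the original advisory: it classifies a host from its IRIX release string and its chkconfig listing. The function names, the result labels and the listing layout (one "flag state" pair per line under a header) are assumptions, and the sample listings are constructed.

```sh
#!/bin/sh
# Added example, not from the advisory. Listing layout is an assumption;
# the sample listings below are constructed.

# Read a chkconfig listing on stdin; print on, off, or absent.
objectserver_state() {
    awk '$1 == "objectserver" { print $2; found = 1; exit }
         END { if (!found) print "absent" }'
}

# Return 0 if the release string is in the range the advisory gives
# (IRIX 5.0 through 6.2); later releases lack the Cadmin utilities.
release_affected() {
    major=${1%%.*}
    case "$1" in *.*) rest=${1#*.} ;; *) rest=0 ;; esac
    minor=${rest%%[!0-9]*}
    case "$major" in ''|*[!0-9]*) return 1 ;; esac
    case "$minor" in '') return 1 ;; esac
    if [ "$major" -eq 5 ]; then return 0; fi
    if [ "$major" -eq 6 ] && [ "$minor" -le 2 ]; then return 0; fi
    return 1
}

# $1 = release string, $2 = chkconfig listing text.
audit_host() {
    if ! release_affected "$1"; then echo "not-affected"; return 0; fi
    state=$(printf '%s\n' "$2" | objectserver_state)
    case "$state" in
        on)     echo "exposed" ;;        # disable the flag or apply the patch
        off)    echo "mitigated" ;;      # effective only once the host has rebooted
        absent) echo "not-installed" ;;
        *)      echo "unknown" ;;
    esac
}

# Constructed sample listings.
SAMPLE_ON='        Flag                 State
        ====                 =====
        nfs                  on
        objectserver         on'
SAMPLE_OFF='        Flag                 State
        ====                 =====
        nfs                  on
        objectserver         off'

audit_host 5.3 "$SAMPLE_ON"    # prints "exposed"
```

On a live host the two inputs would come from `uname -r` and `/etc/chkconfig` run with no arguments. A "mitigated" result reflects the boot-time flag only, so it does not confirm that the reboot the advisory calls for has happened.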


