COMMAND

    /usr/Cadmin/bin/chost

SYSTEMS AFFECTED

    IRIX 5.3

PROBLEM

    Grant  Kaufmann  found  vulnerability  in  chost  program and made
    exploit.  Here it goes.

        /usr/Cadmin/bin/chost
        tools-primary user information
        change information
        OK (to root password, ie leave blank)
        OK (to "password invalid")
        Cancel
        Double-click any share resource to bring up desktopManager
        running as root. Try editing /etc/passwd

SOLUTION

    Although patches are available for this issue, it is realized that
    there may be situations  where installing the patches  immediately
    may not be possible.  The  steps below can be used to  disable the
    objectserver(1M)  daemon   to  prevent    exploitation   of   this
    vulnerability until patches can be installed.

    Disabling the objectserver daemon  will disable the Cadmin  system
    administration tools:

        % /bin/su -
        Password:
        #
        # /sbin/chkconfig objectserver off
        # /etc/init.d/cadmin stop; /etc/init.d/cadmin start
        # exit
        %

    Solution:

        OS Version     Vulnerable?     Patch #      Other Actions
        ----------     -----------     -------      -------------
        IRIX 3.x        no                           Note 1
        IRIX 4.x        no                           Note 1
        IRIX 5.0.x      not tested                   Note 1 & 3
        IRIX 5.1.x      not tested                   Note 1 & 3
        IRIX 5.2        not tested                   Note 1 & 3
        IRIX 5.3        yes              3654        Note 1 & 3
        IRIX 6.0.x      not tested                   Note 1 & 3
        IRIX 6.1        not tested                   Note 1 & 3
        IRIX 6.2        yes              2849        Note 2 & 3
        IRIX 6.3        no                           Note 1
        IRIX 6.4        no                           Note 1
        IRIX 6.5.X      no

    Notes:  1) This version of  the IRIX operating  has been  retired.
               Upgrade to an actively supported IRIX operating system.
               See  http://support.sgi.com/irix/news/index.html#policy
               for more information.
            2) This  version  of  the  IRIX  operating  system  is  in
               maintenance  mode.   Upgrade  to  an actively supported
               IRIX         operating         system.              See
               http://support.sgi.com/irix/news/index.html#policy  for
               more information.
            3) See workarounds above.