COMMAND
/usr/Cadmin/bin/chost
SYSTEMS AFFECTED
IRIX 5.3
PROBLEM
Grant Kaufmann found vulnerability in chost program and made
exploit. Here it goes.
/usr/Cadmin/bin/chost
tools-primary user information
change information
OK (to root password, ie leave blank)
OK (to "password invalid")
Cancel
Double-click any share resource to bring up desktopManager
running as root. Try editing /etc/passwd
SOLUTION
Although patches are available for this issue, it is realized that
there may be situations where installing the patches immediately
may not be possible. The steps below can be used to disable the
objectserver(1M) daemon to prevent exploitation of this
vulnerability until patches can be installed.
Disabling the objectserver daemon will disable the Cadmin system
administration tools:
% /bin/su -
Password:
#
# /sbin/chkconfig objectserver off
# /etc/init.d/cadmin stop; /etc/init.d/cadmin start
# exit
%
Solution:
OS Version Vulnerable? Patch # Other Actions
---------- ----------- ------- -------------
IRIX 3.x no Note 1
IRIX 4.x no Note 1
IRIX 5.0.x not tested Note 1 & 3
IRIX 5.1.x not tested Note 1 & 3
IRIX 5.2 not tested Note 1 & 3
IRIX 5.3 yes 3654 Note 1 & 3
IRIX 6.0.x not tested Note 1 & 3
IRIX 6.1 not tested Note 1 & 3
IRIX 6.2 yes 2849 Note 2 & 3
IRIX 6.3 no Note 1
IRIX 6.4 no Note 1
IRIX 6.5.X no
Notes: 1) This version of the IRIX operating has been retired.
Upgrade to an actively supported IRIX operating system.
See http://support.sgi.com/irix/news/index.html#policy
for more information.
2) This version of the IRIX operating system is in
maintenance mode. Upgrade to an actively supported
IRIX operating system. See
http://support.sgi.com/irix/news/index.html#policy for
more information.
3) See workarounds above.