COMMAND

    ipx{chk,link}

SYSTEMS AFFECTED

    IRIX 6.3 (O2)

PROBLEM

    Fabrice Planchon  found follwing.   SGI O2  running Irix  6.3 come
    with support  for the  IPX protocol  from Novell.   This stuff  is
    installed by  default, and  live in  /usr/etc/netware/ among other
    things, there are  2 suid binaries,  ipxchk and ipxlink.   None of
    them are documented  anywhere, and they  allow root access  in the
    most simple way (think IFS=/).

SOLUTION

    Change  the  permissions  on  the  vulnerable  NetWare  Client 1.0
    programs:

        # /bin/chmod 500 /usr/etc/netware/ipxchk
        # /bin/chmod 500 /usr/etc/netware/ipxlink

    or apply patches:

        OS Version     Patch #
        ----------     -------
        IRIX 6.3        2869