[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[irix-security] IRISconsole icadmin password vulnerability

To: irix-security@sfu.ca
Subject: [irix-security] IRISconsole icadmin password vulnerability
From: Martin Siegert <siegert@sfu.ca>
Date: Wed, 5 Jun 2002 19:48:07 -0700
User-Agent: Mutt/1.2.5.1i

Topic
=====
priviledge escalation possible due to bugs in IRISconsole

Problem Description
===================
Under certain conditions the IRISconsole 2.0 product will allow login to
the "icadmin" account with the wrong password.

This vulnerability could lead to a privileged compromise of the IRISconsole
environment.

Affected Systems
================
The IRISconsole product is an optional product and is not installed by
default on IRIX systems.

In order to determine if IRISconsole is installed, execute the following
command:

  % versions -b | grep IRISconsole

If a line similar to that shown below is returned, then IRISconsole is
installed:

I  IRISconsole          09/27/1999  IRISconsole Administration Software 2.0

Solution
========
Install patch 4038 available from http://support.sgi.com/ and
ftp://patches.sgi.com/support/free/security/patches/6.5/
or from
http://www.sfu.ca/acs/security/irix/irix-patches.html

This patch is for IRISconsole 2.0 and is not tied to a specific
IRIX operating system release.

Prev by Date: [irix-security] IRIX syslogd vulnerability
Next by Date: [irix-security] IRIX pmcd Denial of Service vulnerability
Prev by thread: [irix-security] IRIX pmcd Denial of Service vulnerability
Next by thread: [irix-security] IRIX syslogd vulnerability
Index(es):
- Date
- Thread