IRIX Objectserver Vulnerability

BID:1079

Info

IRIX Objectserver Vulnerability

Bugtraq ID: 1079
Class: Access Validation Error
CVE:
Remote: Yes
Local: No
Published: Mar 29 2000 12:00AM
Updated: Mar 29 2000 12:00AM
Credit: This vulnerability was posted to the Bugtraq mailing list on March 29, 2000 by "Howard M. Kash III" <[email protected]>. It has existed in the wild since at least June of 1997, when an exploit was released by the group "Last Stage of Delirium"
Vulnerable: SGI IRIX 6.2
SGI IRIX 6.1
SGI IRIX 6.0.1 XFS
SGI IRIX 6.0.1
SGI IRIX 6.0
SGI IRIX 5.3 XFS
SGI IRIX 5.3
SGI IRIX 5.2
Not Vulnerable: SGI IRIX 6.5.4
SGI IRIX 6.5.3 m
SGI IRIX 6.5.3 f
SGI IRIX 6.5.3
SGI IRIX 6.5.2 m
SGI IRIX 6.5.1
SGI IRIX 6.5
SGI IRIX 6.4
SGI IRIX 6.3

Discussion

IRIX Objectserver Vulnerability

A vulnerability exists in SGI's Objectserver service. By exploiting a vulnerability in this service, remote attackers can add root privileged accounts to the system being compromised. While a patch was made available, and IRIX 6.2 systems were thought to be fixed, the patch merely prevented the creation of root accounts, and did nothing to prevent the creation of other accounts. This vulnerability has existed in the wild since 1997, and was well publicized.

Exploit / POC

IRIX Objectserver Vulnerability

Exploit available:

Solution / Fix

IRIX Objectserver Vulnerability

Solution:
Patches are available for this vulnerability at http://support.sgi.com.


SGI IRIX 5.3
  • SGI 3854


SGI IRIX 6.2
  • SGI 2849

References

IRIX Objectserver Vulnerability

References:
© CVE.report 2026 |

Use of this information constitutes acceptance for use in an AS IS condition. There are NO warranties, implied or otherwise, with regard to this information or its use. Any use of this information is at the user's risk. It is the responsibility of user to evaluate the accuracy, completeness or usefulness of any information, opinion, advice or other content. EACH USER WILL BE SOLELY RESPONSIBLE FOR ANY consequences of his or her direct or indirect use of this web site. ALL WARRANTIES OF ANY KIND ARE EXPRESSLY DISCLAIMED. This site will NOT BE LIABLE FOR ANY DIRECT, INDIRECT or any other kind of loss.

CVE, CWE, and OVAL are registred trademarks of The MITRE Corporation and the authoritative source of CVE content is MITRE's CVE web site. This site includes MITRE data granted under the following license.

Free CVE JSON API cve.report/api

CVE.report and Source URL Uptime Status status.cve.report