Original issue date: April 10, 1992<BR>
Last revised: September 19, 1997<BR>
Attached copyright statement

<P>A complete revision history is at the end of this file.

<P>The Computer Emergency Response Team/Coordination Center (CERT/CC) has
received information concerning a method of unauthorized root access
in the lp software in Silicon Graphics Computer Systems (SGI) IRIX
operating systems.  This vulnerability is present in all current
versions of IRIX.

<P>Silicon Graphics Computer Systems and the CERT/CC strongly recommend
that sites take immediate action to eliminate this vulnerability from
their systems.

<P>This vulnerability will be fixed in IRIX 4.0.5 and is NOT present in any
version of the Trusted IRIX/B product.

<P><HR>
<H2>I. Description</H2>


When IRIX pre-4.0.5 systems are installed or updated using either
the basic system software (&quot;eoe1.sw.unix&quot;) or the system manager
software (&quot;eoe2.sw.vadmin&quot;) media, a vulnerability is introduced
in the lp software.

<H2>II. Impact</H2>


Any user logged into the system can gain root access.

<H2>III. Solution</H2>


As root, execute the following commands:
<PRE>
        # cd /usr/lib
        # chmod a-s,go-w lpshut lpmove accept reject lpadmin
        # chmod go-ws lpsched vadmin/serial_ports vadmin/users vadmin/disks
        # cd /usr/bin
        # chmod a-s,go-w disable enable
        # chmod go-ws cancel lp lpstat
</PRE>
If the eoe2.sw.vadmin software is not installed, you may
ignore any warning messages from chmod such as:

<P>&quot;chmod: WARNING: can't access vadmin/serial_ports&quot;

<P>If system software should ever be reinstalled from pre-4.0.5
media or restored from a backup tape created before the patch was
applied, repeat the above procedure before enabling logins by
normal users.
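<P>As an added verification helper (not part of this advisory or of SGI's IRIX software), the script below checks whether any of the lp and vadmin programs listed above still carry a setuid, setgid, group-write or other-write bit, so an administrator can confirm the fix took or detect that a restore from old media brought the problem back. The ROOT argument and the constructed demo tree are assumptions for running it outside a real IRIX system.

```shell
#!/bin/sh
# Files named in the advisory, relative to the system root.
LP_FILES="usr/lib/lpshut usr/lib/lpmove usr/lib/accept usr/lib/reject
usr/lib/lpadmin usr/lib/lpsched usr/lib/vadmin/serial_ports
usr/lib/vadmin/users usr/lib/vadmin/disks usr/bin/disable usr/bin/enable
usr/bin/cancel usr/bin/lp usr/bin/lpstat"

# check_lp_perms [ROOT]: print each unsafe file; exit 0 only if all clean.
# Missing files are skipped, e.g. vadmin when eoe2.sw.vadmin is absent.
check_lp_perms() {
    root=${1:-/}; root=${root%/}
    bad=0
    for rel in $LP_FILES; do
        f="$root/$rel"
        [ -e "$f" ] || continue
        # POSIX find: -perm -MODE is true when every bit in MODE is set.
        if [ -n "$(find "$f" -prune \( -perm -4000 -o -perm -2000 \
                    -o -perm -020 -o -perm -002 \) -print)" ]; then
            echo "UNSAFE: $f"
            bad=1
        fi
    done
    return $bad
}

# apply_advisory_fix ROOT: the advisory's chmod sequence, run under ROOT.
apply_advisory_fix() {
    ( cd "$1/usr/lib" &&
      chmod a-s,go-w lpshut lpmove accept reject lpadmin &&
      chmod go-ws lpsched vadmin/serial_ports vadmin/users vadmin/disks ) &&
    ( cd "$1/usr/bin" &&
      chmod a-s,go-w disable enable &&
      chmod go-ws cancel lp lpstat )
}

# make_demo_tree: constructed scratch tree (not a real IRIX install) with
# two programs in the vulnerable state; prints the tree's path.
make_demo_tree() {
    t=$(mktemp -d)
    mkdir -p "$t/usr/lib/vadmin" "$t/usr/bin"
    for rel in $LP_FILES; do : > "$t/$rel"; chmod 755 "$t/$rel"; done
    chmod 4755 "$t/usr/lib/lpadmin"   # setuid, as on pre-4.0.5 media
    chmod 2775 "$t/usr/bin/lp"        # setgid and group-writable
    echo "$t"
}
```

Run <code>check_lp_perms /</code> on the live system after the chmod commands; any line starting with UNSAFE means a file still needs attention.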

<P><HR>

<P>The CERT/CC would like to thank Silicon Graphics Computer Systems for 
bringing this security vulnerability to our attention and for their quick
response to this problem.

<P>Copyright 1992 Carnegie Mellon University.</P>

<HR>

Revision History
<PRE>
September 19, 1997  Attached copyright statement
</PRE>