Vulnerability: SGI IRIX 6.5
- 18 July, 2003 09:03
Logging into an IRIX 6.5 machine with particular environment variables set can lead to /usr/lib/iaf/scheme (login) dumping core. Since "scheme" is suid root, this could potentially lead to a root compromise. A local account would be required to exploit any such vulnerability.
These issues have been corrected in future releases of IRIX.
For the patch, see ftp://patches.sgi.com/support/free/security/advisories/20030702-01-P.