IRIX Indigo Magic Desktop permissions Local Overflow
Local Access Required
Loss of Integrity
A local overflow exists in IRIX. The permissions program of the Indigo Magic Desktop package fails to check bounds resulting in a buffer overflow. With a specially crafted request, an attacker can execute arbitrary code with the privileges of the sys group, resulting in a loss of integrity.
Upgrade to version 6.5 or higher, as it has been reported to fix this vulnerability. In addition, Silicon Graphics, Inc. has released patches for some older versions. It is also possible to correct the flaw by implementing the following workaround:
The steps below can be used to remove the vulnerability by removing
the permissions of the syserr and permissions programs.
1) Become the root user on the system.
% /bin/su -
2) Change the permissions on the programs.
# /bin/chmod 500 /usr/sbin/syserr
# /bin/chmod 500 /usr/lib/desktop/permissions
3) Return to previous level.