IRIX contains a flaw that may lead to an unauthorized information disclosure. The issue is triggered when the Performance Copilot is installed without access controls, which will allow a remote, malicious attacker to view all disks and their mount points, as well as all processes and their owners, resulting in a loss of confidentiality.
Currently, there are no known upgrades or patches to correct this issue. It is possible to correct the flaw by implementing the following workaround: restrict access to PMCD, or disable the service if it is not needed.
An administrator can configure the service to allow or disallow connections based on IP address in the pmcd configuration file (/etc/pmcd.conf).
To disable the service:
1. Issue the following command as root:
chkconfig pmcd off
2. Kill the pmcd process.