WWC snapshot of http://www.alw.nih.gov/Security/Docs/sgi-security-serial.html taken on Sat Jun 10 19:13:06 1995

5 October 1994 - SGI Security Advisory

(Serial Port Administration Tool)

To: All SGI workstation administrators

It has come to the attention of the Advanced Laboratory Workstation System* staff that a potential vulnerability exists on any Silicon Graphics Inc. workstation running the IRIX operating system previous to IRIX 5.0 that could enable an unprivileged user to become an active root user. If you are currently using IRIX 5.x and have upgraded from IRIX 4.0 yourself without first deleting IRIX 4.0, you are also prone to this attack. If you have received a new machine from SGI with IRIX 5.0 or higher already loaded, then you will not have to worry about this security advisory applying to your machine. If you are an ALW subscriber, you are immune to this security risk since we have seen to it that your machine's operating system has automatically applied the needed patches.
Run the following on your SGI workstation to find the version of the operating system that you are currently running.

              uname -r

If you are using a version less than 5.0 or you have upgraded to 5.0 yourself without first removing version 4.0, then follow the instructions listed below.

Become the root user on the system by logging into your machine as "root" or by using the command
```
         /bin/su - 
```
Change the UNIX permissions on a particular file with the command
```
         /bin/chmod 700 /usr/lib/vadmin/serial_ports
```

We urge you to do this as soon as possible. This is for your own safety as well as your fellow researchers on the network.

Any questions or problems concerning this advisory, may be directed to the ALW staff by contacting the DCRT TASC group (594-DCRT).

- ALW Staff

Comments to www-alw@alw.nih.gov

Back up to ALW Home Page