IRIX runpriv Vulnerability

IRIX runpriv Vulnerability

A vulnerability exists in the 'runpriv' program, as included with the Irix version 6.3 and 6.4 operating systems. Runpriv is part of the Indigo Magic Administrative Subsystem, part of the System Desktop package, and is intended to be used to allow unpriviledged users to run certain commands as root. SGI reports that a vulnerability in this program may allow any user to execute commands as root. It does require access to the machine in order to exploit the vulnerability.