SGI arrayd.auth Default Configuration Vulnerability

SGI arrayd.auth Default Configuration Vulnerability

The SGI Array Services provide a mechanism to simplify administering and managing an array of clustered systems. The arrayd(1m) program is part of the array_services(5) and is known as the array services daemon. The default configuration for authorization makes clustered systems vulnerable to remote root compromises. The array services are installed on Irix systems by default from the Irix applications CD. All versions of Unicos post 9.0.0 are vulnerable.