A vulnerability exists in the chost and cimport programs, as shipped with SGI's Irix 5.x operating system. chost is part of the Cadmin package. By failing to validate the real userid, these programs allow any user to edit protected files, such as the passwd file.
tools-primary user information
OK (to root password, ie leave blank)
OK (to "password invalid")
Double-click any share resource to bring up desktopManager
running as root. Try editing /etc/passwd
double-click any of the mounted filesystems to bring up the desktopManager