Silicon Graphics (SGI) has admitted that its IRIX operating system is vulnerable to hackers when it runs the Apache web server.
Two security flaws affect IRIX versions 6.5.12, 6.5.13 and 6.5.14 running Apache versions prior to 1.3.22.
SGI says the risk is so bad that if users cannot upgrade they should disable Apache.
The first vulnerability is in Apache's split-logfile program, a tool used to manage logfiles. If the feature is turned on, a hacker could rewrite any file with a .log extension on the system and give them full access.
SGI said that Split-logfile is not turned on by default.
The other security flaw was found in Apache's Multiviews facility, which customises web content for browsers.
Using some configurations, a hacker could return to a directory listing and discover the locations of sensitive files on the system.
There is no patch for the flaws and SGI says that users should upgrade to an operating system newer than 6.5.14, which includes a newer version of Apache.