Info

Disclosure

Oct 30, 1996

Discovery

Unknown

Dates

Exploit

Oct 30, 1996

Solution

Unknown

Description

IRIX contains a flaw that may allow a malicious user to gain unauthorized privileges. The issue is triggered when a malicious user manipulates environment variables and configuration files to trick the RemoveSystemTour program, which is setuid root, into executing a trojan horse. It is possible that the flaw may allow root privileges resulting in a loss of integrity.

Classification

Location: Local Access Required
Attack Type: Input Manipulation
Impact: Loss of Integrity
Exploit: Exploit Public
Disclosure: OSVDB Verified

Solution

Currently, there are no known upgrades or patches to correct this issue. It is possible to correct the flaw by implementing the following workaround: #/bin/chmod u-s /usr/lib/tour/bin/RemoveSystemTour #/bin/chmod u-s /usr/people/tour/oob/bin/oobversions

Products

Silicon Graphics, Inc.	IRIX	5.x
		6.0
		6.0.1
		6.1
		6.2
		6.3

References

CVE ID: 1999-1384 (see also: NVD)
Bugtraq ID: 470
ISS X-Force ID: 7456

Credit

Tun-Hui Hu - hhuistardot.net -

Direct URL: http://osvdb.org/1012

Info

Disclosure

Discovery

Dates

Exploit

Solution

Description

Classification

Solution

Products

Silicon Graphics, Inc.

IRIX

References

Credit