Info

Disclosure

Nov 17, 1993

Discovery

Unknown

Dates

Exploit

Unknown

Solution

Unknown

Description

IRIX contains a flaw that may allow a malicious user to gain access to unauthorized privileges. The issue is triggered when an ingenious, yet malicious, user places escape sequences in a file or filename, which when passed to xwsh, will remap keys to unexpected strings or to xwsh internal functions. This flaw may lead to a loss of integrity.

Classification

Location: Local Access Required
Attack Type: Input Manipulation
Impact: Loss of Integrity
Disclosure: OSVDB Verified

Solution

Currently, there are no known upgrades or patches to correct this issue. It is possible to correct the flaw by implementing the following workaround: use xterm instead of xwsh.

Products

Silicon Graphics, Inc.

IRIX

Unknown or Unspecified

References

Mail List Post: http://archives.neohapsis.com/archives/bugtraq/1993_4/0003.html
Other Advisory URL: http://www.faqs.org/faqs/sgi/faq/security/section-7.html

Credit

Unknown or Incomplete

Direct URL: http://osvdb.org/18725