Info

Disclosure

Aug 01, 1994

Discovery

Unknown

Dates

Exploit

Aug 01, 1994

Solution

Unknown

Description

sgihelp in IRIX contains a flaw that may allow a malicious user to gain access to unauthorized privileges. The issue is due to the insecure use of the system() call function, which may allow any unauthenticated and/or authenticated user to gain access to root privileges resulting in a loss of integrity.

Classification

Location: Local Access Required
Attack Type: Input Manipulation
Impact: Loss of Integrity
Exploit: Exploit Public
Disclosure: OSVDB Verified

Solution

Currently, there are no known workarounds or upgrades to correct this issue. However, SGI has released a patch to address this vulnerability.

Products

Silicon Graphics, Inc.	IRIX	5.2
		5.1

References

CVE ID: 1999-1219 (see also: NVD)
Bugtraq ID: 468
ISS X-Force ID: 511
CERT: CA-1994-13
CIAC Advisory: e-33
Other Advisory URL: ftp://ftp.auscert.org.au/pub/auscert/advisory/AA-94.04.SGI.Irix.sgihelp.Vulnerability
Mail List Post: http://archives.neohapsis.com/archives/bugtraq/1994_3/0128.html
http://archives.neohapsis.com/archives/bugtraq/1994_3/0130.html
http://archives.neohapsis.com/archives/bugtraq/1994_3/0131.html
http://archives.neohapsis.com/archives/bugtraq/1994_3/0132.html
http://archives.neohapsis.com/archives/bugtraq/1994_3/0134.html
http://archives.neohapsis.com/archives/bugtraq/1994_3/0136.html
http://archives.neohapsis.com/archives/bugtraq/1994_3/0141.html
http://archives.neohapsis.com/archives/bugtraq/1994_3/0142.html
Vendor URL: http://www.sgi.com/

Credit

Unknown or Incomplete

Direct URL: http://osvdb.org/8558

Info

Disclosure

Discovery

Dates

Exploit

Solution

Description

Classification

Solution

Products

Silicon Graphics, Inc.

IRIX

References

Credit