Download
| Alert*
CVE-2005-0465
gr_osview in SGI IRIX does not drop privileges before opening files, which allows local users to overwrite arbitrary files via the -s option. CVE-2004-0135 The syssgi SGI_IOPROBE system call in IRIX 6.5.20 through 6.5.24 allows local users to gain privileges by reading and writing to kernel memory. CVE-2003-0064 The dtterm terminal emulator allows attackers to modify the window title via a certain character escape sequence and then insert it back to the command line in the user's terminal, e.g. when the user views a file containing the malicious sequence, which could allow the attacker to execute arbitrary ... CVE-1999-0328 SGI permissions program allows local users to gain root privileges. CVE-1999-0329 SGI mediad program allows local users to gain root access. CVE-1999-0022 Local user gains root privileges via buffer overflow in rdist, via expstr() function. CVE-1999-0044 fsdump command in IRIX allows local users to obtain root access by modifying sensitive files. CVE-1999-0960 IRIX cdplayer allows local users to create directories in arbitrary locations via a command line option. CVE-1999-0049 Csetup under IRIX allows arbitrary file creation or overwriting. CVE-1999-1114 Buffer overflow in Korn Shell (ksh) suid_exec program on IRIX 6.x and earlier, and possibly other operating systems, allows local users to gain root privileges. CVE-1999-1272 Buffer overflows in CDROM Confidence Test program (cdrom) allow local users to gain root privileges. CVE-1999-0215 Routed allows attackers to append data to files. CVE-1999-0959 IRIX startmidi program allows local users to modify arbitrary files via a symlink attack. CVE-1999-0032 Buffer overflow in lpr, as used in BSD-based systems including Linux, allows local users to execute arbitrary code as root via a long -C (classification) command line option. CVE-1999-1243 SGI Desktop Permissions Tool in IRIX 6.0.1 and earlier allows local users to modify permissions for arbitrary files and gain privileges. CVE-1999-1120 netprint in SGI IRIX 6.4 and earlier trusts the PATH environmental variable for finding and executing the disable program, which allows local users to gain privileges. CVE-1999-1143 Vulnerability in runtime linker program rld in SGI IRIX 6.x and earlier allows local users to gain privileges via setuid and setgid programs. CVE-1999-0038 Buffer overflow in xlock program allows local users to execute commands as root. CVE-1999-0051 Arbitrary file creation and program execution using FLEXlm LicenseManager, from versions 4.0 to 5.0, in IRIX. CVE-1999-0073 Telnet allows a remote client to specify environment variables including LD_LIBRARY_PATH, allowing an attacker to bypass the normal system libraries and gain root access. CVE-2000-0733 Telnetd telnet server in IRIX 5.2 through 6.1 does not properly cleans user-injected format strings, which allows remote attackers to execute arbitrary commands via a long RLD variable in the IAC-SB-TELOPT_ENVIRON request. CVE-1999-1398 Vulnerability in xfsdump in SGI IRIX may allow local users to obtain root privileges via the bck.log log file, possibly via a symlink attack. CVE-1999-1494 colorview in Silicon Graphics IRIX 5.1, 5.2, and 6.0 allows local attackers to read arbitrary files via the -text argument. CVE-1999-1410 addnetpr in IRIX 5.3 and 6.2 allows local users to overwrite arbitrary files and possibly gain root privileges via a symlink attack on the printers temporary file. CVE-2000-0245 Vulnerability in SGI IRIX objectserver daemon allows remote attackers to create user accounts. CVE-1999-1384 Indigo Magic System Tour in the SGI system tour package (systour) for IRIX 5.x through 6.3 allows local users to gain root privileges via a Trojan horse .exitops program, which is called by the inst command that is executed by the RemoveSystemTour program. CVE-1999-1401 Vulnerability in Desktop searchbook program in IRIX 5.0.x through 6.2 sets insecure permissions for certain user files (iconbook and searchbook). CVE-2002-0173 Buffer overflow in cpr for the eoe.sw.cpr SGI Checkpoint-Restart Software package on SGI IRIX 6.5.10 and earlier may allow local users to gain root privileges. CVE-2002-0678 CDE ToolTalk database server (ttdbserver) allows local users to overwrite arbitrary files via a symlink attack on the transaction log file used by the _TT_TRANSACTION RPC procedure. CVE-2002-0677 CDE ToolTalk database server (ttdbserver) allows remote attackers to overwrite arbitrary memory locations with a zero, and possibly gain privileges, via a file descriptor argument in an AUTH_UNIX procedure call, which is used as a table index by the _TT_ISCLOSE procedure. |