Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-1999-1022

Overview

Vulnerability Score 6.2 6.2
CVE Id CVE-1999-1022
Last Modified 05 Sep 2008 04:18:32
Published 02 Oct 1994 12:00:00
Confidentiality Impact COMPLETE COMPLETE
Integrity Impact COMPLETE COMPLETE
Availability Impact COMPLETE COMPLETE
Access Vector LOCAL
Access Complexity HIGH
Authentication NONE

CVE-1999-1022

Summary

serial_ports administrative program in IRIX 4.x and 5.x trusts the user's PATH environmental variable to find and execute the ls program, which allows local users to gain root privileges via a Trojan horse ls program.

Vulnerable Systems

Operating System

  • Sgi Irix 4

  • Sgi Irix 5.2

  • Sgi Irix 5.3


References

XF - sgi-serialports(2111)

BID - 464

BUGTRAQ - 19941002


Last Updated: 27 May 2016 10:35:14