Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-2005-2925

Overview

Vulnerability Score 7.2 7.2
CVE Id CVE-2005-2925
Last Modified 05 Sep 2008 04:53:00
Published 12 Oct 2005 09:04:00
Confidentiality Impact COMPLETE COMPLETE
Integrity Impact COMPLETE COMPLETE
Availability Impact COMPLETE COMPLETE
Access Vector LOCAL
Access Complexity LOW
Authentication NONE

CVE-2005-2925

Summary

runpriv in SGI IRIX allows local users to bypass intended restrictions and execute arbitrary commands via shell metacharacters in a command line for a privileged binary in /usr/sysadm/privbin.

Vulnerable Systems

Operating System

  • Sgi Irix 6.5.22


References

IDEFENSE - 20051010 SGI IRIX runpriv Design Error Vulnerability

XF - irix-runpriv-command-injection(22561)

BID - 15055

BUGTRAQ - 20060311 SGI IRIX 6.*usr/sysadm/bin/runpriv local root exploit

OSVDB - 19907

SECTRACK - 1015031

SECUNIA - 17131

SGI - 20051001-01-P


Last Updated: 27 May 2016 10:40:40