A local overflow exists in IRIX. The gr_osview program fails to validate user input resulting in a buffer overflow. With a specially crafted request, an attacker can gain root privileges resulting in a loss of confidentiality, integrity, and/or availability.
Classification
Attack Type:
Input Manipulation
Solution
Currently, there are no known workarounds to correct this issue. However, SGI has released a patch to address this vulnerability in the 6.5.x versions. All other versions should upgrade to 6.5.23.
This product uses the Daylife API but is not endorsed or certified by Daylife.
This section lists the latest news and blogs found via the daylife API (and for older items, the technorati API), which mention or otherwise discuss this vulnerability.