Info

Disclosure

Aug 02, 2000

Discovery

Jan 01, 1997

Dates

Exploit

Unknown

Solution

Unknown

Description

A local overflow exists in IRIX. The gr_osview program fails to validate user input resulting in a buffer overflow. With a specially crafted request, an attacker can gain root privileges resulting in a loss of confidentiality, integrity, and/or availability.

Classification

Attack Type: Input Manipulation

Solution

Currently, there are no known workarounds to correct this issue. However, SGI has released a patch to address this vulnerability in the 6.5.x versions. All other versions should upgrade to 6.5.23.

Products

Silicon Graphics, Inc.	IRIX	6.2
		6.3
		6.4
		6.5.x

References

Secunia Advisory ID: 10750
Bugtraq ID: 1526
CVE ID: 2000-0797 (see also: NVD)
ISS X-Force ID: 5062
Vendor Specific Advisory URL: ftp://patches.sgi.com/support/free/security/advisories/20040104-01-P.asc
Other Advisory URL: http://archives.neohapsis.com/archives/bugtraq/2000-07/0461.html
http://www.lsd-pl.net/files/get?IRIX/irx_gr_osview

Credit

Unknown or Incomplete

Direct URL: http://osvdb.org/36218

Info

Disclosure

Discovery

Dates

Exploit

Solution

Description

Classification

Solution

Products

Silicon Graphics, Inc.

IRIX

References

Credit