Info

Last Modified

5 months ago

Percent Complete

100%

Disclosure

Apr 01, 2001

Discovery

Unknown

Dates

Exploit

Apr 01, 2001

Solution

Unknown

Description

IRIX contains a flaw that may allow a malicious user to gain access to unauthorized privileges. The issue is triggered when a malicious user causes lpstat to load and execute a net-type shared library object that specifies a malicious file. This flaw may lead to a loss of integrity.

Classification

Location: Local Access Required
Attack Type: Input Manipulation
Impact: Loss of Integrity
Exploit: Exploit Available
Disclosure: OSVDB Verified

Technical

This vulnerability also affects feature releases (an 'f' after the version number) and maintenance releases (an 'm' after the version number).

Solution

Currently, there are no known workarounds or upgrades to correct this issue. However, SGI has released patches to address this vulnerability.

Products

SGI	IRIX	6.5.1
		6.5.2
		6.5.3
		6.5.4
		6.5.5
		6.5.6
		6.5.7
		6.5.8
		6.5.9
		6.5.10
		6.5.11
		6.5.12
		6.5.13

References

Generic Exploit URL: http://www.lsd-pl.net/code/IRIX/irx_lpstat2
ISS X-Force ID: 7639
Vendor Specific Advisory URL: ftp://patches.sgi.com/support/free/security/advisories/20011003-02-P
CVE ID: 2001-0801 (see also: NVD)
Vendor Specific Solution URL: ftp://patches.sgi.com/support/free/security/patches/

Credit

Last Stage of Delirium Research Group - contactlsd-pl.net - Last Stage of Delirium Research Group

Views This Week

Views All Time

Info

Last Modified

Percent Complete

Disclosure

Discovery

Dates

Exploit

Solution

Description

Classification

Technical

Solution

Products

SGI

IRIX

References

Credit

Blogs

Comments