|
SGI IRIX Multiple Vulnerabilities
|
|
|
|
|
Secunia Advisory:
|
SA10750
|
|
|
Release Date:
|
2004-01-30
|
|
Last Update:
|
2004-02-06
|
|
|
Critical:
|
Moderately critical
|
|
Impact:
|
Security Bypass
Privilege escalation
System access
|
|
Where:
|
From remote
|
|
Solution Status:
|
Vendor Patch
|
|
| OS: | SGI IRIX 6.5.x
|
|
| | CVE reference: | CVE-1999-1332 (Secunia mirror)
CVE-2002-1275 (Secunia mirror)
CVE-2002-1323 (Secunia mirror)
CVE-2003-0367 (Secunia mirror)
|
|
|
Want to know the next time vulnerabilities are fixed in this product?
- Companies can be alerted via email and SMS! |
|
|
Description:
SGI has acknowledged multiple, older vulnerabilities in IRIX. These can be exploited by malicious users to compromise a vulnerable system or escalate their privileges.
An input validation error in the html2ps print filter can be exploited by malicious users to execute arbitrary commands on a vulnerable system with user "lp" privileges.
An error in the "Safe.pm" module can result in safe compartments being unsafe when re-used.
The gzexe and znew scripts in gzip create temporary files insecurely, which can be exploited to overwrite arbitrary files via symlink attacks.
Boundary errors in "gr_osview" and "libdesktopicon.so" can be exploited by malicious, local users to cause a buffer overflow and thereby potentially gain escalated privileges.
The vulnerabilities affect all versions prior to 6.5.23.
Solution:
Update to version 6.5.23 or apply patch 5473 for versions 6.5.18 through 6.5.20 or apply patch 5474 for versions 6.5.21 through 6.5.22.
Provided and/or discovered by:
Discovery of the "libdesktopicon.so" and "gr_osview" issues is credited to Last Stage of Delirium.
Changelog:
2004-02-06: New patches has been released due to errors in the original patch.
Original Advisory:
ftp://patches.sgi.com/support/free/security/advisories/20040104-02-P.asc
|
|
|
|
|
Please note: The information that this Secunia Advisory is based on comes from a third party unless stated otherwise.
Secunia collects, validates, and verifies all vulnerability reports issued by security research groups, vendors, and others.
|
|
|
|
66 Related Secunia Security Advisories, displaying 10
|
|
|
1. SGI IRIX update for sendmail
|
|
2. SGI IRIX update for sendmail
|
|
3. SGI IRIX "runpriv" Arbitrary Shell Command Injection Vulnerability
|
|
4. SGI IRIX arrayd Authentication Spoofing Vulnerability
|
|
5. SGI IRIX rpc.mountd "read-mostly" Exports Read/Write Access
|
|
6. SGI IRIX update for telnet
|
|
7. SGI IRIX gr_osview Privilege Escalation and Information Disclosure
|
|
8. SGI IRIX inpview Privilege Escalation Vulnerability
|
|
9. SGI IRIX update for samba
|
|
10. SGI IRIX OpenSSL and OpenSSH Vulnerabilities
|
Show all related advisories
|
|
|
Send Feedback to Secunia
|
|
If you have new information regarding this Secunia advisory or a product in our database, please send it to us using either our web form or email us at vuln@secunia.com.
Ideas, suggestions, and other feedback are most welcome.
|
|
|
|
