Permissions Tool Vulnerability

vendor:

IRIX

by:

SecurityFocus

7.2

CVSS

HIGH

Permissions Tool Vulnerability

N/A

CWE

Product Name: IRIX

Affected Version From: N/A

Affected Version To: N/A

Patch Exists: No

Related CWE: N/A

CPE: N/A

Metasploit: N/A

Other Scripts: N/A

Tags: N/A

CVSS Metrics: N/A

Nuclei References: N/A

Nuclei Metadata: N/A

Platforms Tested: IRIX

2001

Permissions Tool Vulnerability

The IRIX's /usr/lib/desktop/permissions tool is a suid and sgid root applications normally used by users to modify permissions of their files and files they are privileged for. A vulnerability in the permissions tool allows local malicious users to modify the permissions of any file on the system by running the tool against the file, changing the permissions, and clicking the 'Apply' button twice before the dialog box appears asking for a username and password.

Mitigation:

Ensure that the permissions tool is not accessible to malicious users.

Source

Exploit-DB raw data:

source: https://www.securityfocus.com/bid/1751/info

The IRIX's /usr/lib/desktop/permissions tool is a suid and sgid root applications normally used by users to modify permissions of their files and files they are privileged for. A vulnerability in the permissions tool allows local malicious users to modify the permissions of any file on the system.

This is SGI SCR # 265071.

If you attempt to change the permissions of a file you don't have privileges for the permissions tool will prompt you for the name and password of a privileged user. But the permission changes are made to the target file before the tool prompts you for the password if you double click "Apply". 

Run /usr/lib/desktop/permissions aganist the file which permissions you want to modify. Change the permissions. Click on the 'Apply' button twice before the dialog box appears asking you for a username and password. Click the 'Cancel' button.