vendor: IRIX
by: SecurityFocus
CVSS: 7.5 HIGH
Command Execution
CWE: 78
Product Name: IRIX
Affected Version From: IRIX 5.1
Affected Version To: IRIX 5.2
Patch Exists: NO
Related CWE: N/A
CPE: o:sgi:irix:5.1
Metasploit: N/A
Other Scripts: N/A
Tags: N/A
CVSS Metrics: N/A
Nuclei References: N/A
Nuclei Metadata: N/A
Platforms Tested: N/A
1998
sgihelp Program Vulnerability
The sgihelp program, from SGI and included with IRIX 5.1 and 5.2, contains a vulnerability. sgihelp has an option that allows a user to print to a command. Certain SGI utilities, including PrintStatus, printers, scanners, and a number of others, call this program without first changing their uid from root's to the user's. As a result, arbitrary commands can be executed as root using the 'print to command' option of sgihelp.
Mitigation:
Disable the sgihelp program or restrict access to it.