vendor: Irix 5.x
by: SecurityFocus
CVSS: 7.2 (HIGH)
Privilege Escalation
CWE: 264
Product Name: Irix 5.x
Affected Version From: Irix 5.x
Affected Version To: Irix 5.x
Patch Exists: YES
Related CWE: N/A
CPE: o:sgi:irix:5
Metasploit: N/A
Other Scripts: N/A
Tags: N/A
CVSS Metrics: N/A
Nuclei References: N/A
Nuclei Metadata: N/A
Platforms Tested: N/A
2002
Vulnerability in chost and cimport programs
A vulnerability exists in the chost and cimport programs, as shipped with SGI's Irix 5.x operating system. chost is part of the Cadmin package. By failing to validate the real userid, these programs allow any user to edit protected files, such as the passwd file. An attacker can exploit this vulnerability by running the chost or cimport programs and then double-clicking any share resource to bring up the desktopManager running as root. The attacker can then edit the /etc/passwd file.
Mitigation:
The vendor has released a patch to address this vulnerability.