PT-1997-1233 · Sgi · Spaceware+1

Publicado

1997-08-20

Atualizado

2016-10-18

CVE-1999-1399

CVSS v2.0

7.2

Alta

Vetor

AV:L/AC:L/Au:N/C:C/I:C/A:C

Name of the Vulnerable Software and Affected Versions SpaceWare 7.3 v1.0 in IRIX 6.2

Description The issue allows local users to gain root privileges by manipulating the HOSTNAME environmental variable to contain commands that will be executed. This is achieved by setting the HOSTNAME variable to include the desired commands.

Recommendations For SpaceWare 7.3 v1.0 in IRIX 6.2, consider restricting the ability to set the HOSTNAME environmental variable to prevent unauthorized command execution until a proper fix is applied.

Exploit

Correção

Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾

dbugs@ptsecurity.com

Identificadores relacionados

CVE-1999-1399

Produtos afetados

Irix

Spaceware

PT-1997-1233 · Sgi · Spaceware+1

CVE-1999-1399

Identificadores relacionados

Produtos afetados

Referências · 4