PT-1994-1008 · Sgi · Irix

Published 1994-10-02 · Updated 2017-12-19 · CVE-1999-1022

CVSS v2.0: 6.2 (Medium)
Vector: AV:L/AC:H/Au:N/C:C/I:C/A:C
Name of the Vulnerable Software and Affected Versions: IRIX versions 4.x through 5.x
Description: The serial ports administrative program relies on the user's PATH environment variable to locate and execute the ls program. Because the program trusts PATH, local users can potentially gain root privileges by using a Trojan horse ls program.
Recommendations: For IRIX versions 4.x through 5.x, consider modifying the serial ports administrative program to execute the ls program by an absolute path, rather than relying on the user's PATH environment variable, until a proper fix is available.
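
The recommendation above, sketched in C as an added example (not SGI's code and not the actual IRIX program): the PATH-dependent call form beside an absolute-path execve with a fixed environment. LS_PATH, the /bin/ls location and both function names are assumptions made for illustration.

```c
#include <stdio.h>
#include <string.h>
#include <sys/types.h>
#include <sys/wait.h>
#include <unistd.h>

#define LS_PATH "/bin/ls"   /* assumed location of ls; adjust per system */

/* Environment for the child: fixed, nothing inherited from the caller. */
static char *const SAFE_ENV[] = { "PATH=/bin:/usr/bin", NULL };

/* 1 if cmd has no '/', i.e. execlp/execvp/system/popen would locate it
 * by walking the caller's PATH (the pattern the entry describes). */
int uses_path_search(const char *cmd)
{
    return cmd != NULL && strchr(cmd, '/') == NULL;
}

/* PATH-dependent form, shown for contrast only and never called here:
 *     execlp("ls", "ls", dir, (char *)NULL);
 * Hardened form: absolute program path, absolute argument, fixed env.
 * Returns the exit status of ls, or -1 on refused input or error. */
int run_ls_hardened(const char *dir)
{
    pid_t pid;
    int status;

    if (uses_path_search(LS_PATH) || dir == NULL || dir[0] != '/')
        return -1;                 /* refuse anything needing a lookup */
    pid = fork();
    if (pid < 0)
        return -1;
    if (pid == 0) {
        char *const argv[] = { "ls", (char *)dir, NULL };
        execve(LS_PATH, argv, SAFE_ENV);   /* no PATH search happens */
        _exit(127);                /* exec failed */
    }
    if (waitpid(pid, &status, 0) < 0)
        return -1;
    return WIFEXITED(status) ? WEXITSTATUS(status) : -1;
}

int main(void)
{
    printf("\"ls\" needs PATH: %d\n", uses_path_search("ls"));
    printf("hardened ls / -> %d\n", run_ls_hardened("/"));
    return 0;
}
```

The same uses_path_search check can be applied in code review to every command string a privileged program passes to an exec-family call.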


Related Identifiers

CVE-1999-1022

Affected Products

Irix