PT-1997-1233 · Sgi · Spaceware+1

Published

1997-08-20

Updated

2016-10-18

CVE-1999-1399

CVSS v2.0

7.2

High

Vector

AV:L/AC:L/Au:N/C:C/I:C/A:C

Name of the Vulnerable Software and Affected Versions SpaceWare 7.3 v1.0 in IRIX 6.2

Description The issue allows local users to gain root privileges by manipulating the HOSTNAME environmental variable to contain commands that will be executed. This is achieved by setting the HOSTNAME variable to include the desired commands.

Recommendations For SpaceWare 7.3 v1.0 in IRIX 6.2, consider restricting the ability to set the HOSTNAME environmental variable to prevent unauthorized command execution until a proper fix is applied.

Exploit

Fix

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Related Identifiers

CVE-1999-1399

Affected Products

Irix

Spaceware

PT-1997-1233 · Sgi · Spaceware+1

CVE-1999-1399

Related Identifiers

Affected Products

References · 4