SGI InPerson Local Privilege Escalation Vulnerability
BID:12259
Info
SGI InPerson Local Privilege Escalation Vulnerability
| Bugtraq ID: | 12259 |
| Class: | Design Error |
| CVE: | |
| Remote: | No |
| Local: | Yes |
| Published: | Jan 14 2005 12:00AM |
| Updated: | Jan 14 2005 12:00AM |
| Credit: | This issue was discovered by iDEFENSE Labs. |
| Vulnerable: |
SGI InPerson |
| Not Vulnerable: | |
Discussion
SGI InPerson Local Privilege Escalation Vulnerability
A local privilege escalation vulnerability affects SGI InPerson. This issue is due to a design error that causes the application to run with superuser privileges while trusting user-controlled environment variables.
An attacker may leverage this issue to gain superuser access to the affected computer.
A local privilege escalation vulnerability affects SGI InPerson. This issue is due to a design error that causes the application to run with superuser privileges while trusting user-controlled environment variables.
An attacker may leverage this issue to gain superuser access to the affected computer.
Exploit / POC
SGI InPerson Local Privilege Escalation Vulnerability
No exploit is required to leverage this issue. The following proof of concept has been provided:
Running the application when the 'SUN_TTSESSION_CMD' environment variable stores the following string will cause a setuid shell to be placed into the '/tmp' directory:
"cp /bin/jsh/tmp/jsh;chmod 6755 /tmp/jsh;killall -9 inpview,"
No exploit is required to leverage this issue. The following proof of concept has been provided:
Running the application when the 'SUN_TTSESSION_CMD' environment variable stores the following string will cause a setuid shell to be placed into the '/tmp' directory:
"cp /bin/jsh/tmp/jsh;chmod 6755 /tmp/jsh;killall -9 inpview,"
Solution / Fix
SGI InPerson Local Privilege Escalation Vulnerability
Solution:
It has been reported that the affected application is no longer supported by SGI, and as such no patch or upgrade will be provided to resolve this issue.
Currently we are not aware of any vendor-supplied patches for this issue. If you feel we are in error or are aware of more recent information, please mail us at: [email protected] <mailto:[email protected]>.
Solution:
It has been reported that the affected application is no longer supported by SGI, and as such no patch or upgrade will be provided to resolve this issue.
Currently we are not aware of any vendor-supplied patches for this issue. If you feel we are in error or are aware of more recent information, please mail us at: [email protected] <mailto:[email protected]>.
References
SGI InPerson Local Privilege Escalation Vulnerability
References:
References: