SGI IRIX GR_OSView Information Disclosure Vulnerability
BID:13057
Info
SGI IRIX GR_OSView Information Disclosure Vulnerability
| Bugtraq ID: | 13057 |
| Class: | Design Error |
| CVE: |
CVE-2005-0464 |
| Remote: | No |
| Local: | Yes |
| Published: | Apr 07 2005 12:00AM |
| Updated: | Jul 12 2009 12:56PM |
| Credit: | Discovery is credited to an anonymous researcher. |
| Vulnerable: |
SGI IRIX 6.5.22 m |
| Not Vulnerable: | |
Discussion
SGI IRIX GR_OSView Information Disclosure Vulnerability
gr_osview is reported prone to an information disclosure vulnerability. This issue can help a local attacker to obtain sensitive information such as exposing an administrator's password hash and carrying out other attacks.
This issue has been confirmed in SGI IRIX 6.5.22 maintenance release. Other versions of IRIX may be vulnerable as well.
gr_osview is reported prone to an information disclosure vulnerability. This issue can help a local attacker to obtain sensitive information such as exposing an administrator's password hash and carrying out other attacks.
This issue has been confirmed in SGI IRIX 6.5.22 maintenance release. Other versions of IRIX may be vulnerable as well.
Exploit / POC
SGI IRIX GR_OSView Information Disclosure Vulnerability
An exploit is not required.
The following proof of concpet is available:
gr_osview -d -D /etc/shadow
An exploit is not required.
The following proof of concpet is available:
gr_osview -d -D /etc/shadow
Solution / Fix
SGI IRIX GR_OSView Information Disclosure Vulnerability
Solution:
It is reported that the vendor has acknowledged this issue and released patches to address it. This cannot be confirmed at the moment. Please contact the vendor for more information.
Currently we are not aware of any vendor-supplied patches for this issue. If you feel we are in error or are aware of more recent information, please mail us at: [email protected] <mailto:[email protected]>.
Solution:
It is reported that the vendor has acknowledged this issue and released patches to address it. This cannot be confirmed at the moment. Please contact the vendor for more information.
Currently we are not aware of any vendor-supplied patches for this issue. If you feel we are in error or are aware of more recent information, please mail us at: [email protected] <mailto:[email protected]>.
References
SGI IRIX GR_OSView Information Disclosure Vulnerability
References:
References:
- Advisories (SGI)
- IRIX Product Page (SGI)
- SGI IRIX gr_osview Information Disclosure Vulnerability ("iDEFENSE Labs"