SGI IRIX GR_OSView Local Arbitrary File Overwrite Vulnerability
BID:13058
Info
SGI IRIX GR_OSView Local Arbitrary File Overwrite Vulnerability
| Bugtraq ID: | 13058 |
| Class: | Access Validation Error |
| CVE: |
CVE-2005-0465 |
| Remote: | No |
| Local: | Yes |
| Published: | Apr 07 2005 12:00AM |
| Updated: | Jul 12 2009 12:56PM |
| Credit: | The discoverer of this vulnerability wishes to remain anonymous. |
| Vulnerable: |
SGI IRIX 6.5.22 m SGI IRIX 6.5.22 |
| Not Vulnerable: | |
Discussion
SGI IRIX GR_OSView Local Arbitrary File Overwrite Vulnerability
A local file overwrite vulnerability affects SGI IRIX. This issue is due to a failure of the affected utility to drop privileges prior to carrying out critical functionality.
An attacker may leverage this issue to cause the affected utility to write data to any file on the affected computer with superuser privileges. Although unconfirmed, it is possible that this issue may be leveraged for privilege escalation.
It should be noted that although only SGI IRIX 6.5.22(maintenance) has been confirmed vulnerable, it is likely that all IRIX 6.5 versions are affected as well.
A local file overwrite vulnerability affects SGI IRIX. This issue is due to a failure of the affected utility to drop privileges prior to carrying out critical functionality.
An attacker may leverage this issue to cause the affected utility to write data to any file on the affected computer with superuser privileges. Although unconfirmed, it is possible that this issue may be leveraged for privilege escalation.
It should be noted that although only SGI IRIX 6.5.22(maintenance) has been confirmed vulnerable, it is likely that all IRIX 6.5 versions are affected as well.
Exploit / POC
SGI IRIX GR_OSView Local Arbitrary File Overwrite Vulnerability
No exploit is required to leverage this issue. The following command will corrupt the '/etc/password' file on an affected computer:
gr_osview -s /etc/shadow
No exploit is required to leverage this issue. The following command will corrupt the '/etc/password' file on an affected computer:
gr_osview -s /etc/shadow
Solution / Fix
SGI IRIX GR_OSView Local Arbitrary File Overwrite Vulnerability
Solution:
Reportedly the vendor has acknowledged this issue and released patches to address it. This cannot be confirmed currently. Please contact the vendor for more information.
Currently we are not aware of any vendor-supplied patches for this issue. If you feel we are in error or are aware of more recent information, please mail us at: [email protected] <mailto:[email protected]>.
Solution:
Reportedly the vendor has acknowledged this issue and released patches to address it. This cannot be confirmed currently. Please contact the vendor for more information.
Currently we are not aware of any vendor-supplied patches for this issue. If you feel we are in error or are aware of more recent information, please mail us at: [email protected] <mailto:[email protected]>.
References
SGI IRIX GR_OSView Local Arbitrary File Overwrite Vulnerability
References:
References: