Public exploit available

Public proof-of-concept or exploit code exists (ExploitDB / Metasploit / Nuclei).

CVE-1999-1022 — Irix vulnerability

5 documents5 sources

Severity

6.2MEDIUMNVD

EPSS

0.3%

top 43.49%

CISA KEV

Not in KEV

Exploit

PoC available

Public exploit / PoC exists

Affected products

SGI Irix

Timeline

PublishedOct 2

Latest updateApr 16

Description

serial_ports administrative program in IRIX 4.x and 5.x trusts the user's PATH environmental variable to find and execute the ls program, which allows local users to gain root privileges via a Trojan horse ls program.

CVSS vector

AV:L/AC:H/C:C/I:C/A:CExploitability: 1.9 | Impact: 10.0

Affected Packages1 packages

▶NVDsgi/irix4, 5.2, 5.3+2

Patches

Patch: www.securityfocus.com ↗Patch: www.securityfocus.com ↗

🔴Vulnerability Details

VulDB

SGI IRIX 4/5.2/5.3 Serial Port Local Privilege Escalation (EDB-19351 / XFDB-2111)↗2026-04-16

▶

GHSA

GHSA-29g7-m78g-3fx6: serial_ports administrative program in IRIX 4↗2022-04-30

▶

CVEList

CVE-1999-1022: serial_ports administrative program in IRIX 4↗2001-09-12

▶

💥Exploits & PoCs

Exploit-DB

SGI IRIX 5.2/5.3 - 'serial_ports' Local Privilege Escalation↗1994-02-02

▶