Public exploit available

Public proof-of-concept or exploit code exists (ExploitDB / Metasploit / Nuclei).

CVE-1999-1114 — Improper Restriction of Operations within the Bounds of a Memory Buffer in Irix

4 documents4 sources

Severity

7.2HIGHNVD

EPSS

0.6%

top 30.92%

CISA KEV

Not in KEV

Exploit

PoC available

Public exploit / PoC exists

Affected products

SGI Irix

Timeline

PublishedApr 8

Latest updateMay 3

Description

Buffer overflow in Korn Shell (ksh) suid_exec program on IRIX 6.x and earlier, and possibly other operating systems, allows local users to gain root privileges.

CVSS vector

AV:L/AC:L/C:C/I:C/A:CExploitability: 3.9 | Impact: 10.0

Affected Packages1 packages

▶NVDsgi/irix12 versions+11

Patches

Patch: patches.sgi.com ↗Patch: ciac.llnl.gov ↗Patch: www.securityfocus.com ↗

🔴Vulnerability Details

GHSA

GHSA-fjg7-227f-7rfj: Buffer overflow in Korn Shell (ksh) suid_exec program on IRIX 6↗2022-05-03

▶

CVEList

CVE-1999-1114: Buffer overflow in Korn Shell (ksh) suid_exec program on IRIX 6↗2002-03-09

▶

💥Exploits & PoCs

Exploit-DB

SGI IRIX 6.4 - 'suid_exec' Local Privilege Escalation↗1996-12-02

▶