Public exploit available
Public proof-of-concept or exploit code exists (ExploitDB / Metasploit / Nuclei).

CVE-1999-1384Irix vulnerability

4 documents4 sources
Severity
7.2HIGHNVD
EPSS
0.6%
top 29.30%
CISA KEV
Not in KEV
Exploit
PoC available
Public exploit / PoC exists
Affected products
1
SGI Irix
Timeline
PublishedOct 30
Latest updateMay 3

Description

Indigo Magic System Tour in the SGI system tour package (systour) for IRIX 5.x through 6.3 allows local users to gain root privileges via a Trojan horse .exitops program, which is called by the inst command that is executed by the RemoveSystemTour program.

CVSS vector

AV:L/AC:L/C:C/I:C/A:CExploitability: 3.9 | Impact: 10.0

Affected Packages1 packages

NVDsgi/irix6.3+11

Patches

Patch: ftp.auscert.org.auPatch: patches.sgi.comPatch: www.securityfocus.com

🔴Vulnerability Details

2
GHSA
GHSA-5g4r-8w5q-c4xj: Indigo Magic System Tour in the SGI system tour package (systour) for IRIX 52022-05-03
CVEList
CVE-1999-1384: Indigo Magic System Tour in the SGI system tour package (systour) for IRIX 52002-03-09

💥Exploits & PoCs

1
Exploit-DB
SGI IRIX 6.3 - 'Systour' / 'OutOfBox' Local Privilege Escalation1996-10-30
CVE-1999-1384 — SGI Irix vulnerability | cvebase