Public exploit available
Public proof-of-concept or exploit code exists (ExploitDB / Metasploit / Nuclei).

CVE-1999-1461Irix vulnerability

4 documents4 sources
Severity
7.2HIGHNVD
EPSS
0.9%
top 24.10%
CISA KEV
Not in KEV
Exploit
PoC available
Public exploit / PoC exists
Affected products
1
SGI Irix
Timeline
PublishedMay 7
Latest updateMay 3

Description

inpview in InPerson on IRIX 5.3 through IRIX 6.5.10 trusts the PATH environmental variable to find and execute the ttsession program, which allows local users to obtain root access by modifying the PATH to point to a Trojan horse ttsession program.

CVSS vector

AV:L/AC:L/C:C/I:C/A:CExploitability: 3.9 | Impact: 10.0

Affected Packages1 packages

NVDsgi/irix6 versions+5

Patches

Patch: patches.sgi.comPatch: www.securityfocus.comPatch: patches.sgi.com

🔴Vulnerability Details

2
GHSA
GHSA-49q4-89v2-j76r: inpview in InPerson on IRIX 52022-05-03
CVEList
CVE-1999-1461: inpview in InPerson on IRIX 52001-09-12

💥Exploits & PoCs

1
Exploit-DB
SGI IRIX 6.4 - 'inpview' Local Privilege Escalation1997-05-07
CVE-1999-1461 — SGI Irix vulnerability | cvebase