CVE-1999-1501 — Irix vulnerability

3 documents3 sources

Severity

4.6MEDIUMNVD

EPSS

0.1%

top 77.65%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

SGI Irix

Timeline

PublishedApr 8

Latest updateApr 30

Description

(1) ipxchk and (2) ipxlink in SGI OS2 IRIX 6.3 does not properly clear the IFS environmental variable before executing system calls, which allows local users to execute arbitrary commands.

CVSS vector

AV:L/AC:L/C:P/I:P/A:PExploitability: 3.9 | Impact: 6.4

Affected Packages1 packages

▶NVDsgi/irix6.3

Patches

Patch: www.securityfocus.com ↗Patch: www.securityfocus.com ↗Patch: www.securityfocus.com ↗

🔴Vulnerability Details

GHSA

GHSA-442g-whj9-hm26: (1) ipxchk and (2) ipxlink in SGI OS2 IRIX 6↗2022-04-30

▶

CVEList

CVE-1999-1501: (1) ipxchk and (2) ipxlink in SGI OS2 IRIX 6↗2001-09-12

▶