Public exploit available
Public proof-of-concept or exploit code exists (ExploitDB / Metasploit / Nuclei).

CVE-2000-0733Use of Externally-Controlled Format String in Irix

4 documents4 sources
Severity
10.0CRITICALNVD
EPSS
5.6%
top 9.66%
CISA KEV
Not in KEV
Exploit
PoC available
Public exploit / PoC exists
Affected products
1
SGI Irix
Timeline
PublishedOct 20
Latest updateMay 3

Description

Telnetd telnet server in IRIX 5.2 through 6.1 does not properly cleans user-injected format strings, which allows remote attackers to execute arbitrary commands via a long RLD variable in the IAC-SB-TELOPT_ENVIRON request.

CVSS vector

AV:N/AC:L/C:C/I:C/A:CExploitability: 10.0 | Impact: 10.0

Affected Packages1 packages

NVDsgi/irix18 versions+17

Patches

Patch: archives.neohapsis.comPatch: archives.neohapsis.com

🔴Vulnerability Details

2
GHSA
GHSA-79jr-hhg4-h2jm: Telnetd telnet server in IRIX 52022-05-03
CVEList
CVE-2000-0733: Telnetd telnet server in IRIX 52000-10-13

💥Exploits & PoCs

1
Exploit-DB
IRIX 5.2/5.3/6.x - TelnetD Environment Variable Format String2000-07-01
CVE-2000-0733 — SGI Irix vulnerability | cvebase