Public exploit available

Public proof-of-concept or exploit code exists (ExploitDB / Metasploit / Nuclei).

CVE-2005-2925

4 documents4 sources

Severity

7.2HIGH

EPSS

0.2%

top 58.68%

CISA KEV

Not in KEV

Exploit

PoC available

Public exploit / PoC exists

Affected products

SGI Irix

Timeline

PublishedOct 12

Latest updateMay 3

Description

runpriv in SGI IRIX allows local users to bypass intended restrictions and execute arbitrary commands via shell metacharacters in a command line for a privileged binary in /usr/sysadm/privbin.

CVSS vector

AV:L/AC:L/C:C/I:C/A:CExploitability: 3.9 | Impact: 10.0

Affected Packages1 packages

▶NVDsgi/irix6.5.22

Patches

Patch: www.idefense.com ↗Patch: www.idefense.com ↗

🔴Vulnerability Details

GHSA

GHSA-5gc3-j88p-jmj3: runpriv in SGI IRIX allows local users to bypass intended restrictions and execute arbitrary commands via shell metacharacters in a command line for a↗2022-05-03

▶

CVEList

CVE-2005-2925: runpriv in SGI IRIX allows local users to bypass intended restrictions and execute arbitrary commands via shell metacharacters in a command line for a↗2005-10-11

▶

💥Exploits & PoCs

Exploit-DB

SGI IRIX 6.5.28 - 'runpriv' Design Error↗2005-10-10

▶