Sgi Irix vulnerabilities

CVE-1999-0948 [HIGH] CVE-1999-0948: Buffer overflow in uum program for Canna input system allows local users to gain root privileges. Buffer overflow in uum program for Canna input system allows local users to gain root privileges.

CVE-1999-0949 [HIGH] CVE-1999-0949: Buffer overflow in canuum program for Canna input system allows local users to gain root privileges. Buffer overflow in canuum program for Canna input system allows local users to gain root privileges.

CVE-1999-0692 [CRITICAL] CVE-1999-0692: The default configuration of the Array Services daemon (arrayd) disables authentication, allowing re The default configuration of the Array Services daemon (arrayd) disables authentication, allowing remote users to gain root privileges.

CVE-1999-1485 [MEDIUM] CVE-1999-1485: nsd in IRIX 6.5 through 6.5.2 exports a virtual filesystem on a UDP port, which allows remote attack nsd in IRIX 6.5 through 6.5.2 exports a virtual filesystem on a UDP port, which allows remote attackers to view files and cause a possible denial of service by mounting the nsd virtual file system.

CVE-1999-0765 [CRITICAL] CVE-1999-0765: SGI IRIX midikeys program allows local users to modify arbitrary files via a text editor. SGI IRIX midikeys program allows local users to modify arbitrary files via a text editor.

CVE-1999-0413 [HIGH] CVE-1999-0413: A buffer overflow in the SGI X server allows local users to gain root access through the X server fo A buffer overflow in the SGI X server allows local users to gain root access through the X server font path.

CVE-1999-1181 [HIGH] CVE-1999-1181: Vulnerability in On-Line Customer Registration software for IRIX 6.2 through 6.4 allows local users Vulnerability in On-Line Customer Registration software for IRIX 6.2 through 6.4 allows local users to gain root privileges.

CVE-1999-1409 [LOW] CVE-1999-1409: The at program in IRIX 6.2 and NetBSD 1.3.2 and earlier allows local users to read portions of arbit The at program in IRIX 6.2 and NetBSD 1.3.2 and earlier allows local users to read portions of arbitrary files by submitting the file to at with the -f argument, which generates error messages that at sends to the user via e-mail.

CVE-1999-0314 [HIGH] CVE-1999-0314: ioconfig on SGI IRIX 6.4 S2MP for Origin/Onyx2 allows local users to gain root access using relative ioconfig on SGI IRIX 6.4 S2MP for Origin/Onyx2 allows local users to gain root access using relative pathnames.

CVE-1999-0313 [HIGH] CVE-1999-0313: disk_bandwidth on SGI IRIX 6.4 S2MP for Origin/Onyx2 allows local users to gain root access using re disk_bandwidth on SGI IRIX 6.4 S2MP for Origin/Onyx2 allows local users to gain root access using relative pathnames.

CVE-1999-0329 [HIGH] CVE-1999-0329: SGI mediad program allows local users to gain root access. SGI mediad program allows local users to gain root access.

CVE-1999-1492 [HIGH] CVE-1999-1492: Vulnerability in (1) diskperf and (2) diskalign in IRIX 6.4 allows local attacker to create arbitrar Vulnerability in (1) diskperf and (2) diskalign in IRIX 6.4 allows local attacker to create arbitrary root owned files, leading to root privileges.

CVE-1999-1039 [HIGH] CVE-1999-1039: Vulnerability in (1) diskalign and (2) diskperf in IRIX 6.4 patches 2291 and 2848 allow a local user Vulnerability in (1) diskalign and (2) diskperf in IRIX 6.4 patches 2291 and 2848 allow a local user to create root-owned files leading to a root compromise.

CVE-1999-0009 [CRITICAL] CVE-1999-0009: Inverse query buffer overflow in BIND 4.9 and BIND 8 Releases. Inverse query buffer overflow in BIND 4.9 and BIND 8 Releases.

CVE-1999-1040 [HIGH] CVE-1999-1040: Vulnerabilities in (1) ipxchk and (2) ipxlink in NetWare Client 1.0 on IRIX 6.3 and 6.4 allows local Vulnerabilities in (1) ipxchk and (2) ipxlink in NetWare Client 1.0 on IRIX 6.3 and 6.4 allows local users to gain root access via a modified IFS environmental variable.

CVE-1999-1114 [HIGH] CVE-1999-1114: Buffer overflow in Korn Shell (ksh) suid_exec program on IRIX 6.x and earlier, and possibly other op Buffer overflow in Korn Shell (ksh) suid_exec program on IRIX 6.x and earlier, and possibly other operating systems, allows local users to gain root privileges.

CVE-1999-1501 [MEDIUM] CVE-1999-1501: (1) ipxchk and (2) ipxlink in SGI OS2 IRIX 6.3 does not properly clear the IFS environmental variabl (1) ipxchk and (2) ipxlink in SGI OS2 IRIX 6.3 does not properly clear the IFS environmental variable before executing system calls, which allows local users to execute arbitrary commands.

CVE-1999-0270 [MEDIUM] CVE-1999-0270: Directory traversal vulnerability in pfdispaly.cgi program (sometimes referred to as "pfdisplay") fo Directory traversal vulnerability in pfdispaly.cgi program (sometimes referred to as "pfdisplay") for SGI's Performer API Search Tool (performer_tools) allows remote attackers to read arbitrary files.

CVE-1999-1183 [HIGH] CVE-1999-1183: System Manager sysmgr GUI in SGI IRIX 6.4 and 6.3 allows remote attackers to execute commands by pro System Manager sysmgr GUI in SGI IRIX 6.4 and 6.3 allows remote attackers to execute commands by providing a trojan horse (1) runtask or (2) runexec descriptor file, which is used to execute a System Manager Task when the user's Mailcap entry supports the x-sgi-task or x-sgi-exec type.

CVE-1999-0003 [CRITICAL] CVE-1999-0003: Execute commands as root via buffer overflow in Tooltalk database server (rpc.ttdbserverd). Execute commands as root via buffer overflow in Tooltalk database server (rpc.ttdbserverd).