Sgi Irix vulnerabilities

CVE-1999-0960 [HIGH] CVE-1999-0960: IRIX cdplayer allows local users to create directories in arbitrary locations via a command line opt IRIX cdplayer allows local users to create directories in arbitrary locations via a command line option.

CVE-1999-1272 [HIGH] CVE-1999-1272: Buffer overflows in CDROM Confidence Test program (cdrom) allow local users to gain root privileges. Buffer overflows in CDROM Confidence Test program (cdrom) allow local users to gain root privileges.

CVE-1999-0328 [HIGH] CVE-1999-0328: SGI permissions program allows local users to gain root privileges. SGI permissions program allows local users to gain root privileges.

CVE-1999-0327 [LOW] CVE-1999-0327: SGI syserr program allows local users to corrupt files. SGI syserr program allows local users to corrupt files.

CVE-1999-1131 [MEDIUM] CVE-1999-1131: Buffer overflow in OSF Distributed Computing Environment (DCE) security demon (secd) in IRIX 6.4 and Buffer overflow in OSF Distributed Computing Environment (DCE) security demon (secd) in IRIX 6.4 and earlier allows attackers to cause a denial of service via a long principal, group, or organization.

CVE-1999-0148 [HIGH] CVE-1999-0148: The handler CGI program in IRIX allows arbitrary command execution. The handler CGI program in IRIX allows arbitrary command execution.

CVE-1999-1399 [HIGH] CVE-1999-1399: spaceball program in SpaceWare 7.3 v1.0 in IRIX 6.2 allows local users to gain root privileges by se spaceball program in SpaceWare 7.3 v1.0 in IRIX 6.2 allows local users to gain root privileges by setting the HOSTNAME environmental variable to contain the commands to be executed.

CVE-1999-0059 [HIGH] CWE-200 CVE-1999-0059: IRIX fam service allows an attacker to obtain a list of all files on the server. IRIX fam service allows an attacker to obtain a list of all files on the server.

CVE-1999-1143 [HIGH] CVE-1999-1143: Vulnerability in runtime linker program rld in SGI IRIX 6.x and earlier allows local users to gain p Vulnerability in runtime linker program rld in SGI IRIX 6.x and earlier allows local users to gain privileges via setuid and setgid programs.

CVE-1999-0036 [HIGH] CWE-434 CVE-1999-0036: IRIX login program with a nonzero LOCKOUT parameter allows creation or damage to files. IRIX login program with a nonzero LOCKOUT parameter allows creation or damage to files.

CVE-1999-1232 [HIGH] CVE-1999-1232: Untrusted search path vulnerability in day5datacopier in SGI IRIX 6.2 allows local users to execute Untrusted search path vulnerability in day5datacopier in SGI IRIX 6.2 allows local users to execute arbitrary commands via a modified PATH environment variable that points to a malicious cp program.

CVE-1999-1286 [HIGH] CVE-1999-1286: addnetpr in SGI IRIX 6.2 and earlier allows local users to modify arbitrary files and possibly gain addnetpr in SGI IRIX 6.2 and earlier allows local users to modify arbitrary files and possibly gain root access via a symlink attack on a temporary file.

CVE-1999-1410 [MEDIUM] CVE-1999-1410: addnetpr in IRIX 5.3 and 6.2 allows local users to overwrite arbitrary files and possibly gain root addnetpr in IRIX 5.3 and 6.2 allows local users to overwrite arbitrary files and possibly gain root privileges via a symlink attack on the printers temporary file.

CVE-1999-1461 [HIGH] CVE-1999-1461: inpview in InPerson on IRIX 5.3 through IRIX 6.5.10 trusts the PATH environmental variable to find a inpview in InPerson on IRIX 5.3 through IRIX 6.5.10 trusts the PATH environmental variable to find and execute the ttsession program, which allows local users to obtain root access by modifying the PATH to point to a Trojan horse ttsession program.

CVE-1999-1067 [MEDIUM] CVE-1999-1067: SGI MachineInfo CGI program, installed by default on some web servers, prints potentially sensitive SGI MachineInfo CGI program, installed by default on some web servers, prints potentially sensitive system status information, which could be used by remote attackers for information gathering activities.

CVE-1999-1398 [MEDIUM] CVE-1999-1398: Vulnerability in xfsdump in SGI IRIX may allow local users to obtain root privileges via the bck.log Vulnerability in xfsdump in SGI IRIX may allow local users to obtain root privileges via the bck.log log file, possibly via a symlink attack.

CVE-1999-0039 [HIGH] CWE-77 CVE-1999-0039: webdist CGI program (webdist.cgi) in SGI IRIX allows remote attackers to execute arbitrary commands webdist CGI program (webdist.cgi) in SGI IRIX allows remote attackers to execute arbitrary commands via shell metacharacters in the distloc parameter.

CVE-1999-1116 [HIGH] CVE-1999-1116: Vulnerability in runpriv in Indigo Magic System Administration subsystem of SGI IRIX 6.3 and 6.4 all Vulnerability in runpriv in Indigo Magic System Administration subsystem of SGI IRIX 6.3 and 6.4 allows local users to gain root privileges.

CVE-1999-0040 [HIGH] CVE-1999-0040: Buffer overflow in Xt library of X Windowing System allows local users to execute commands with root Buffer overflow in Xt library of X Windowing System allows local users to execute commands with root privileges.

CVE-1999-0038 [HIGH] CWE-120 CVE-1999-0038: Buffer overflow in xlock program allows local users to execute commands as root. Buffer overflow in xlock program allows local users to execute commands as root.