SGI help system and print manager can lead to root access
| sgi-prn-mgr (511) |  High Risk |
Description:
A vulnerability exists in the SGI help system and print manager, enabling users to get unauthorized root access if they can log into an account on the system or get physical access to the system console.
Consequences:
Gain Privileges
Remedy:
IRIX versions 5.1.x and 5.2 are no longer supported by SGI. It is recommended users upgrade to at least 5.3, which corrects this vulnerability and several others. See References.
References:
- AusCERT Advisory AA-94.04a: SGI IRIX 5.x sgihelp vulnerability.
- CERT Advisory CA-1994-13: SGI IRIX Help Vulnerability.
- CIAC Information Bulletin E-33: Vulnerabilities in the SGI IRIX Help System.
- BID-468: IRIX sgihelp Vulnerability
- CVE-1999-1219: Vulnerability in sgihelp in the SGI help system and print manager in IRIX 5.2 and earlier allows local users to gain root privileges, possibly through the clogin command.
Platforms Affected:
- SGI IRIX 5.1
- SGI IRIX 5.2
Reported:
Aug 01, 1994
The information within this database may change without notice. Use of this information constitutes acceptance for use in an AS IS condition. There are NO warranties, implied or otherwise, with regard to this information or its use. Any use of this information is at the user's risk. In no event shall the author/distributor (IBM Internet Security Systems X-Force) be held liable for any damages whatsoever arising out of or in connection with the use or spread of this information.
For corrections or additions please email xforce@iss.net