CVEdetails.com the ultimate security vulnerability data source
(e.g.: CVE-2009-1234 or 2010-1234 or 20101234)
Log In   Register   Reset Password   Activate Account
Vulnerability Feeds & WidgetsNew   www.itsecdb.com  

SGI » Irix : Security Vulnerabilities (CVSS score >= 9)

CVSS Scores Greater Than: 0   1   2   3   4   5   6   7   8   9  
Copy Results Download Results Select Table
Press ESC to close
# CVE ID CWE ID # of Exploits Vulnerability Type(s) Publish Date Update Date Score Gained Access Level Access Complexity Authentication Conf. Integ. Avail.
1 CVE-2010-1039 134 Exec Code 2010-05-20 2011-07-25
10.0
 None Remote Low Not required Complete Complete Complete
Format string vulnerability in the _msgout function in rpc.pcnfsd in IBM AIX 6.1, 5.3, and earlier; IBM VIOS 2.1, 1.5, and earlier; NFS/ONCplus B.11.31_09 and earlier on HP HP-UX B.11.11, B.11.23, and B.11.31; and SGI IRIX 6.5 allows remote attackers to execute arbitrary code via an RPC request containing format string specifiers in an invalid directory name.
2 CVE-2004-0139 2005-01-10 2008-09-05
10.0
 None Remote Low Not required Complete Complete Complete
Unknown vulnerability in the bsd.a kernel networking for SGI IRIX 6.5.22 through 6.5.25, and possibly earlier versions, in which "t_unbind changes t_bind's behavior," has unknown impact and attack vectors.
3 CVE-2003-0694 Exec Code Overflow 2003-10-06 2008-09-10
10.0
 Admin Remote Low Not required Complete Complete Complete
The prescan function in Sendmail 8.12.9 allows remote attackers to execute arbitrary code via buffer overflow attacks, as demonstrated using the parseaddr function in parseaddr.c.
4 CVE-2003-0575 Overflow +Priv 2003-08-27 2008-09-05
10.0
 Admin Remote Low Not required Complete Complete Complete
Heap-based buffer overflow in the name services daemon (nsd) in SGI IRIX 6.5.x through 6.5.21f, and possibly earlier versions, allows attackers to gain root privileges via the AUTH_UNIX gid list.
5 CVE-2003-0473 2003-08-07 2008-09-05
10.0
 None Remote Low Not required Complete Complete Complete
Unknown vulnerability in the IPv6 capability in IRIX 6.5.19 causes snoop to process packets as the root user, with unknown implications.
6 CVE-2002-1584 +Priv 2002-12-27 2008-09-10
10.0
 Admin Remote Low Not required Complete Complete Complete
Unknown vulnerability in the AUTH_DES authentication for RPC in Solaris 2.5.1, 2.6, and 7, SGI IRIX 6.5 to 6.5.19f, and possibly other platforms, allows remote attackers to gain privileges.
7 CVE-2002-1318 DoS Exec Code Overflow 2002-12-11 2008-09-05
10.0
 Admin Remote Low Not required Complete Complete Complete
Buffer overflow in samba 2.2.2 through 2.2.6 allows remote attackers to cause a denial of service and possibly execute arbitrary code via an encrypted password that causes the overflow during decryption in which a DOS codepage string is converted to a little-endian UCS2 unicode string.
8 CVE-2002-0359 +Priv 2002-07-03 2008-09-10
10.0
 Admin Remote Low Not required Complete Complete Complete
xfsmd for IRIX 6.5 through 6.5.16 uses weak authentication, which allows remote attackers to call dangerous RPC functions, including those that can mount or unmount xfs file systems, to gain root privileges.
9 CVE-2001-0800 Exec Code 2001-12-06 2008-09-05
10.0
 Admin Remote Low Not required Complete Complete Complete
lpsched in IRIX 6.5.13f and earlier allows remote attackers to execute arbitrary commands via shell metacharacters.
10 CVE-2001-0799 Exec Code Overflow 2001-12-06 2008-09-05
10.0
 Admin Remote Low Not required Complete Complete Complete
Buffer overflows in lpsched in IRIX 6.5.13f and earlier allow remote attackers to execute arbitrary commands via a long argument.
11 CVE-2001-0797 Exec Code Overflow 2001-12-12 2008-09-05
10.0
 Admin Remote Low Not required Complete Complete Complete
Buffer overflow in login in various System V based operating systems allows remote attackers to execute arbitrary commands via a large number of arguments through services such as telnet and rlogin.
12 CVE-2001-0554 Exec Code Overflow 2001-08-14 2008-09-05
10.0
 Admin Remote Low Not required Complete Complete Complete
Buffer overflow in BSD-based telnetd telnet daemon on various operating systems allows remote attackers to execute arbitrary commands via a set of options including AYT (Are You There), which is not properly handled by the telrcv function.
13 CVE-2001-0247 Exec Code Overflow 2001-06-18 2008-09-10
10.0
 Admin Remote Low Not required Complete Complete Complete
Buffer overflows in BSD-based FTP servers allows remote attackers to execute arbitrary commands via a long pattern string containing a {} sequence, as seen in (1) g_opendir, (2) g_lstat, (3) g_stat, and (4) the glob0 buffer as used in the glob functions glob2 and glob3.
14 CVE-2000-1221 Bypass 2000-01-08 2009-02-28
10.0
 Admin Remote Low Not required Complete Complete Complete
The line printer daemon (lpd) in the lpr package in multiple Linux operating systems authenticates by comparing the reverse-resolved hostname of the local machine to the hostname of the print server as returned by gethostname, which allows remote attackers to bypass intended access controls by modifying the DNS for the attacking IP.
15 CVE-2000-1220 Exec Code +Priv 2000-01-08 2008-09-05
10.0
 Admin Remote Low Not required Complete Complete Complete
The line printer daemon (lpd) in the lpr package in multiple Linux operating systems allows local users to gain root privileges by causing sendmail to execute with arbitrary command line arguments, as demonstrated using the -C option to specify a configuration file.
16 CVE-2000-0844 264 Exec Code 2000-11-14 2009-01-20
10.0
 Admin Remote Low Not required Complete Complete Complete
Some functions that implement the locale subsystem on Unix do not properly cleanse user-injected format strings, which allows local attackers to execute arbitrary commands via functions such as gettext and catopen.
17 CVE-2000-0798 2000-10-20 2008-09-05
10.0
 None Remote Low Not required Complete Complete Complete
The truncate function in IRIX 6.x does not properly check for privileges when the file is in the xfs file system, which allows local users to delete the contents of arbitrary files.
18 CVE-2000-0733 Exec Code 2000-10-20 2008-09-05
10.0
 Admin Remote Low Not required Complete Complete Complete
Telnetd telnet server in IRIX 5.2 through 6.1 does not properly cleans user-injected format strings, which allows remote attackers to execute arbitrary commands via a long RLD variable in the IAC-SB-TELOPT_ENVIRON request.
19 CVE-2000-0245 2000-03-27 2008-09-10
10.0
 Admin Remote Low Not required Complete Complete Complete
Vulnerability in SGI IRIX objectserver daemon allows remote attackers to create user accounts.
20 CVE-1999-1319 +Priv 1996-01-03 2008-09-10
10.0
 Admin Remote Low Not required Complete Complete Complete
Vulnerability in object server program in SGI IRIX 5.2 through 6.1 allows remote attackers to gain root privileges in certain configurations.
21 CVE-1999-0765 1999-05-19 2008-09-09
10.0
 Admin Remote Low Not required Complete Complete Complete
SGI IRIX midikeys program allows local users to modify arbitrary files via a text editor.
22 CVE-1999-0692 +Priv 1999-07-19 2008-09-09
10.0
 Admin Remote Low Not required Complete Complete Complete
The default configuration of the Array Services daemon (arrayd) disables authentication, allowing remote users to gain root privileges.
23 CVE-1999-0461 1999-01-28 2008-09-09
10.0
 Admin Remote Low Not required Complete Complete Complete
Versions of rpcbind including Linux, IRIX, and Wietse Venema's rpcbind allow a remote attacker to insert and delete entries by spoofing a source address.
24 CVE-1999-0241 Exec Code 1995-11-01 2008-09-09
10.0
 Admin Remote Low Not required Complete Complete Complete
Guessable magic cookies in X Windows allows remote attackers to execute commands, e.g. through xterm.
25 CVE-1999-0208 Exec Code 1995-12-12 2008-09-09
10.0
 Admin Remote Low Not required Complete Complete Complete
rpc.ypupdated (NIS) allows remote users to execute arbitrary commands.
26 CVE-1999-0073 Bypass 1995-10-13 2008-09-09
10.0
 Admin Remote Low Not required Complete Complete Complete
Telnet allows a remote client to specify environment variables including LD_LIBRARY_PATH, allowing an attacker to bypass the normal system libraries and gain root access.
27 CVE-1999-0018 Overflow 1997-12-05 2008-09-09
10.0
 Admin Remote Low Not required Complete Complete Complete
Buffer overflow in statd allows root privileges.
28 CVE-1999-0009 Overflow 1998-04-08 2008-09-09
10.0
 Admin Remote Low Not required Complete Complete Complete
Inverse query buffer overflow in BIND 4.9 and BIND 8 Releases.
29 CVE-1999-0003 Exec Code Overflow 1998-04-01 2008-09-09
10.0
 Admin Remote Low Not required Complete Complete Complete
Execute commands as root via buffer overflow in Tooltalk database server (rpc.ttdbserverd).
Total number of vulnerabilities : 29   Page : 1 (This Page)
CVE is a registred trademark of the MITRE Corporation and the authoritative source of CVE content is MITRE's CVE web site. CWE is a registred trademark of the MITRE Corporation and the authoritative source of CWE content is MITRE's CWE web site. OVAL is a registered trademark of The MITRE Corporation and the authoritative source of OVAL content is MITRE's OVAL web site.
Use of this information constitutes acceptance for use in an AS IS condition. There are NO warranties, implied or otherwise, with regard to this information or its use. Any use of this information is at the user's risk. It is the responsibility of user to evaluate the accuracy, completeness or usefulness of any information, opinion, advice or other content. EACH USER WILL BE SOLELY RESPONSIBLE FOR ANY consequences of his or her direct or indirect use of this web site. ALL WARRANTIES OF ANY KIND ARE EXPRESSLY DISCLAIMED. This site will NOT BE LIABLE FOR ANY DIRECT, INDIRECT or any other kind of loss.