| Vulnerability Name: | CVE-1999-1040 (CCN-7365) | ||||||||
| Assigned: | 1998-04-08 | ||||||||
| Published: | 1998-04-08 | ||||||||
| Updated: | 2016-10-18 | ||||||||
| Summary: | Vulnerabilities in (1) ipxchk and (2) ipxlink in NetWare Client 1.0 on IRIX 6.3 and 6.4 allows local users to gain root access via a modified IFS environmental variable. | ||||||||
| CVSS v3 Severity: | 9.3 Critical (CCN CVSS v3.1 Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H)
| ||||||||
| CVSS v2 Severity: | 7.2 High (CVSS v2 Vector: AV:L/AC:L/Au:N/C:C/I:C/A:C)
| ||||||||
| Vulnerability Type: | CWE-Other | ||||||||
| Vulnerability Consequences: | Gain Access | ||||||||
| References: | Source: CCN Type: SGI Security Advisory 19980501-01-P2869 IRIX 6.3 NetWare Client 1.0 Vulnerabilities Source: SGI Type: Patch, Vendor Advisory 19980501-01-P Source: CCN Type: BugTraq Mailing List, Wed, 8 Apr 1998 18:48:55 -0400 SGI O2 ipx security issue Source: CCN Type: CIAC Information Bulletin I-055 SGI IRIX Vulnerabilities (NetWare Client, diskperf/diskalign) Source: CIAC Type: Patch, Vendor Advisory I-055 Source: MITRE Type: CNA CVE-1999-1040 Source: MITRE Type: CNA CVE-1999-1501 Source: BUGTRAQ Type: UNKNOWN 19980408 SGI O2 ipx security issue Source: CCN Type: OSVDB ID: 59330 IRIX NetWare Client ipxchk IFS Environment Variable Manipulation Local Privilege Escalation Source: CCN Type: OSVDB ID: 59331 IRIX NetWare Client ipxlink IFS Environment Variable Manipulation Local Privilege Escalation Source: CCN Type: BID-70 IRIX ipxchk Vulnerability Source: CCN Type: BID-71 IRIX ipxlink Vulnerability Source: CCN Type: SGI Service and Support Web site Security Source: XF Type: UNKNOWN irix-ipxchk-ipxlink-ifs-commands(7365) | ||||||||
| Vulnerable Configuration: | Configuration 1: Configuration CCN 1:  Denotes that component is vulnerable | ||||||||
| BACK | |||||||||