| Vulnerability Name: | CVE-1999-1461 (CCN-5065) | ||||||||
| Assigned: | 1997-05-07 | ||||||||
| Published: | 1997-05-07 | ||||||||
| Updated: | 2016-10-18 | ||||||||
| Summary: | inpview in InPerson on IRIX 5.3 through IRIX 6.5.10 trusts the PATH environmental variable to find and execute the ttsession program, which allows local users to obtain root access by modifying the PATH to point to a Trojan horse ttsession program. | ||||||||
| CVSS v3 Severity: | 9.3 Critical (CCN CVSS v3.1 Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H)
| ||||||||
| CVSS v2 Severity: | 7.2 High (CVSS v2 Vector: AV:L/AC:L/Au:N/C:C/I:C/A:C)
| ||||||||
| Vulnerability Type: | CWE-Other | ||||||||
| Vulnerability Consequences: | File Manipulation | ||||||||
| References: | Source: CCN Type: SGI Security Advisory 20001101-01-I InPerson Vulnerabilities Source: SGI Type: Patch, Vendor Advisory 20001101-01-I Source: CCN Type: BugTraq Mailing List, Wed, 7 May 1997 05:48:00 -0500 Irix: misc Source: CCN Type: BugTraq Mailing List, Wed Aug 02 2000 - 14:24:31 CDT [LSD] some unpublished LSD exploit codes Source: MITRE Type: CNA CVE-1999-1461 Source: MITRE Type: CNA CVE-2000-0799 Source: CCN Type: Last Stage of Delirium Research Group /usr/lib/InPerson/inpview Source: BUGTRAQ Type: UNKNOWN 19970507 Irix: misc Source: CCN Type: OSVDB ID: 1486 IRIX inpview .ilmpAAA Symlink Local Privilege Escalation Source: CCN Type: OSVDB ID: 59290 IRIX InPerson inpview Path Subversion Local Privilege Escalation Source: CCN Type: BID-1530 IRIX inpview Race Condition Vulnerability Source: BID Type: Exploit, Patch, Vendor Advisory 381 Source: CCN Type: BID-381 IRIX inpview Vulnerability Source: XF Type: UNKNOWN irix-inpview-symlink(5065) | ||||||||
| Vulnerable Configuration: | Configuration 1: Configuration CCN 1:  Denotes that component is vulnerable | ||||||||
| BACK | |||||||||