CVE-2005-0113 - inpview in SGI IRIX allows local users to execute arbitrary commands via the SUN_TTSESSION_CMD envir

CVE-2005-0113

Summary

inpview in SGI IRIX allows local users to execute arbitrary commands via the SUN_TTSESSION_CMD environment variable, which is executed by inpview without dropping privileges.

References

http://secunia.com/advisories/13858
http://securitytracker.com/id?1012894
http://www.idefense.com/application/poi/display?id=182&type=vulnerabilities
http://www.osvdb.org/12915
http://www.securityfocus.com/bid/12259
https://exchange.xforce.ibmcloud.com/vulnerabilities/18894

Vulnerable Configurations

cpe:2.3:o:sgi:irix:6.5:*:*:*:*:*:*:*
cpe:2.3:o:sgi:irix:6.5:*:*:*:*:*:*:*

CVSS

Base:	7.2 (as of 11-07-2017 - 01:32)
Impact:
Exploitability:

CWE

NVD-CWE-Other

CAPEC

Access

Vector	Complexity	Authentication
LOCAL	LOW	NONE

Impact

Confidentiality	Integrity	Availability
COMPLETE	COMPLETE	COMPLETE

cvss-vector via4

AV:L/AC:L/Au:N/C:C/I:C/A:C

refmap via4

bid	12259
idefense	20050113 SGI IRIX inpview Design Error Vulnerability
osvdb	12915
sectrack	1012894
secunia	13858
xf	irix-inpview-gain-privileges(18894)

Last major update

11-07-2017 - 01:32

Published

14-01-2005 - 05:00

Last modified

11-07-2017 - 01:32