Notifications for a CVE
Stay informed of any changes for a specific CVE.
CVE Descriptions
SGI Desktop Permissions Tool in IRIX 6.0.1 and earlier allows local users to modify permissions for arbitrary files and gain privileges.
CVE Informations
Metrics
| Metrics | Score | Severity | CVSS Vector | Source |
|---|---|---|---|---|
| V2 | 4.6 | AV:L/AC:L/Au:N/C:P/I:P/A:P | nvd@nist.gov |
EPSS
EPSS is a scoring model that predicts the likelihood of a vulnerability being exploited.
EPSS Score
The EPSS model produces a probability score between 0 and 1 (0 and 100%). The higher the score, the greater the probability that a vulnerability will be exploited.
EPSS Percentile
The percentile is used to rank CVE according to their EPSS score. For example, a CVE in the 95th percentile according to its EPSS score is more likely to be exploited than 95% of other CVE. Thus, the percentile is used to compare the EPSS score of a CVE with that of other CVE.
Exploit information
Exploit Database EDB-ID : 20263
Publication date : 1995-03-01 23h00 +00:00
Author : Larry Glaze
EDB Verified : Yes
source: https://www.securityfocus.com/bid/1751/info
The IRIX's /usr/lib/desktop/permissions tool is a suid and sgid root applications normally used by users to modify permissions of their files and files they are privileged for. A vulnerability in the permissions tool allows local malicious users to modify the permissions of any file on the system.
This is SGI SCR # 265071.
If you attempt to change the permissions of a file you don't have privileges for the permissions tool will prompt you for the name and password of a privileged user. But the permission changes are made to the target file before the tool prompts you for the password if you double click "Apply".
Run /usr/lib/desktop/permissions aganist the file which permissions you want to modify. Change the permissions. Click on the 'Apply' button twice before the dialog box appears asking you for a username and password. Click the 'Cancel' button.
Products Mentioned
Configuraton 0
Sgi>>Irix >> Version To (including) 6.0.1
- Sgi>>Irix >> Version - (Open CPE detail)
- Sgi>>Irix >> Version 4.0.1 (Open CPE detail)
- Sgi>>Irix >> Version 4.0.1t (Open CPE detail)
- Sgi>>Irix >> Version 4.0.2 (Open CPE detail)
- Sgi>>Irix >> Version 4.0.3 (Open CPE detail)
- Sgi>>Irix >> Version 4.0.4 (Open CPE detail)
- Sgi>>Irix >> Version 4.0.4b (Open CPE detail)
- Sgi>>Irix >> Version 4.0.4t (Open CPE detail)
- Sgi>>Irix >> Version 4.0.5 (Open CPE detail)
- Sgi>>Irix >> Version 4.0.5_iop (Open CPE detail)
- Sgi>>Irix >> Version 4.0.5a (Open CPE detail)
- Sgi>>Irix >> Version 4.0.5b (Open CPE detail)
- Sgi>>Irix >> Version 4.0.5d (Open CPE detail)
- Sgi>>Irix >> Version 4.0.5e (Open CPE detail)
- Sgi>>Irix >> Version 4.0.5f (Open CPE detail)
- Sgi>>Irix >> Version 4.0.5g (Open CPE detail)
- Sgi>>Irix >> Version 4.0.5h (Open CPE detail)
- Sgi>>Irix >> Version 5.0.1 (Open CPE detail)
- Sgi>>Irix >> Version 5.1 (Open CPE detail)
- Sgi>>Irix >> Version 5.1.1 (Open CPE detail)
- Sgi>>Irix >> Version 5.2 (Open CPE detail)
- Sgi>>Irix >> Version 5.3 (Open CPE detail)
- Sgi>>Irix >> Version 5.3 (Open CPE detail)
- Sgi>>Irix >> Version 6.0 (Open CPE detail)
- Sgi>>Irix >> Version 6.0.1 (Open CPE detail)
- Sgi>>Irix >> Version 6.0.1 (Open CPE detail)
Sgi>>Irix >> Version 5.2
- Sgi>>Irix >> Version 5.2 (Open CPE detail)
Sgi>>Irix >> Version 6.0
- Sgi>>Irix >> Version 6.0 (Open CPE detail)
References
http://ciac.llnl.gov/ciac/bulletins/f-16.shtml
Tags : third-party-advisory, government-resource, x_refsource_CIAC
Tags : third-party-advisory, government-resource, x_refsource_CIAC
ftp://patches.sgi.com/support/free/security/advisories/19950301-01-P373
Tags : vendor-advisory, x_refsource_SGI
Tags : vendor-advisory, x_refsource_SGI
