SgiCVEs & Vulnerabilities

259 CVEs affecting Sgi products, tracked from the National Vulnerability Database, with CVSS/EPSS scores and exploitation status.

Most Affected Products

irix 2,246propack 86performance co-pilot 81samba 15mailx 9license oeo 3freeware 3mipspro compilers 2
CVE-2001-0796MEDIUM

SGI IRIX 6.5 through 6.5.12f and possibly earlier versions, and FreeBSD 3.0, allows remote attackers to cause a denial of service via a malformed IGMP multicast packet with a small response delay.

6 Dec 2001
5.0
CVSS
CVE-2001-0799CRITICAL

Buffer overflows in lpsched in IRIX 6.5.13f and earlier allow remote attackers to execute arbitrary commands via a long argument.

6 Dec 2001
10.0
CVSS
CVE-2001-0801HIGH

lpstat in IRIX 6.5.13f and earlier allows local users to gain root privileges by specifying a Trojan Horse nettype shared library.

6 Dec 2001
7.2
CVSS
CVE-2001-0823HIGHpoc

The pmpost program in Performance Co-Pilot (PCP) before 2.2.1-3 allows a local user to gain privileges via a symlink attack on the NOTICES file in the PCP log directory (PCP_LOG_DIR).

6 Dec 2001
7.2
CVSS
CVE-2001-0800CRITICALpoc

lpsched in IRIX 6.5.13f and earlier allows remote attackers to execute arbitrary commands via shell metacharacters.

6 Dec 2001
10.0
CVSS
CVE-2001-1456HIGH

Buffer overflow in the (1) smap/smapd and (2) CSMAP daemons for Gauntlet Firewall 5.0 through 6.0 allows remote attackers to execute arbitrary code via a crafted mail message.

4 Sep 2001
7.5
CVSS
CVE-2000-1193MEDIUMpoc

Performance Metrics Collector Daemon (PMCD) in Performance Copilot in IRIX 6.x allows remote attackers to cause a denial of service (resource exhaustion) via an extremely long string to the PMCD port.

31 Aug 2001
5.0
CVSS
CVE-2001-0554CRITICALpoc

Buffer overflow in BSD-based telnetd telnet daemon on various operating systems allows remote attackers to execute arbitrary commands via a set of options including AYT (Are You There), which is not properly handled by the telrcv function.

14 Aug 2001
10.0
CVSS
CVE-2001-0331HIGH

Buffer overflow in Embedded Support Partner (ESP) daemon (rpc.espd) in IRIX 6.5.8 and earlier allows remote attackers to execute arbitrary commands.

27 Jun 2001
7.5
CVSS
CVE-2001-0485HIGHpoc

Unknown vulnerability in netprint in IRIX 6.2, and possibly other versions, allows local users with lp privileges attacker to execute arbitrary commands via the -n option.

27 Jun 2001
7.2
CVSS
CVE-2001-0248CRITICAL

Buffer overflow in FTP server in HPUX 11 allows remote attackers to execute arbitrary commands by creating a long pathname and calling the STAT command, which uses glob to generate long strings.

18 Jun 2001
9.8
CVSS
CVE-2001-0249CRITICAL

Heap overflow in FTP daemon in Solaris 8 allows remote attackers to execute arbitrary commands by creating a long pathname and calling the LIST command, which uses glob to generate long strings.

18 Jun 2001
9.8
CVSS
CVE-2001-0247CRITICALpoc

Buffer overflows in BSD-based FTP servers allows remote attackers to execute arbitrary commands via a long pattern string containing a {} sequence, as seen in (1) g_opendir, (2) g_lstat, (3) g_stat, and (4) the glob0 buffer as used in the glob functions glob2 and glob3.

18 Jun 2001
10.0
CVSS
CVE-2000-0893MEDIUM

The presence of the Distributed GL Daemon (dgld) service on port 5232 on SGI IRIX systems allows remote attackers to identify the target host as an SGI system.

16 Feb 2001
5.0
CVSS
CVE-2000-0844CRITICALpoc

Some functions that implement the locale subsystem on Unix do not properly cleanse user-injected format strings, which allows local attackers to execute arbitrary commands via functions such as gettext and catopen.

14 Nov 2000
10.0
CVSS
CVE-2000-0795HIGHpoc

Buffer overflow in lpstat in IRIX 6.2 and 6.3 allows local users to gain root privileges via a long -n option.

20 Oct 2000
7.2
CVSS
CVE-2000-0798CRITICALpoc

The truncate function in IRIX 6.x does not properly check for privileges when the file is in the xfs file system, which allows local users to delete the contents of arbitrary files.

20 Oct 2000
10.0
CVSS
CVE-2000-0799LOWpoc

inpview in InPerson in SGI IRIX 5.3 through IRIX 6.5.10 allows local users to gain privileges via a symlink attack on the .ilmpAAA temporary file.

20 Oct 2000
3.7
CVSS
CVE-2000-0796HIGHpoc

Buffer overflow in dmplay in IRIX 6.2 and 6.3 allows local users to gain root privileges via a long command line option.

20 Oct 2000
7.2
CVSS
CVE-2000-0797HIGHpoc

Buffer overflow in gr_osview in IRIX 6.2 and 6.3 allows local users to gain privileges via a long -D option.

20 Oct 2000
7.2
CVSS
CVE-2000-0794HIGHpoc

Buffer overflow in IRIX libgl.so library allows local users to gain root privileges via a long HOME variable to programs such as (1) gmemusage and (2) gr_osview.

20 Oct 2000
7.2
CVSS
CVE-2000-0733CRITICALpoc

Telnetd telnet server in IRIX 5.2 through 6.1 does not properly cleans user-injected format strings, which allows remote attackers to execute arbitrary commands via a long RLD variable in the IAC-SB-TELOPT_ENVIRON request.

20 Oct 2000
10.0
CVSS
CVE-2000-0545MEDIUMpoc

Buffer overflow in mailx mail command (aka Mail) on Linux systems allows local users to gain privileges via a long -c (carbon copy) parameter.

8 Aug 2000
4.6
CVSS
CVE-2000-0578LOW

SGI MIPSPro compilers C, C++, F77 and F90 generate temporary files in /tmp with predictable file names, which could allow local users to insert malicious contents into these files as they are being compiled by another user.

21 Jun 2000
3.7
CVSS
CVE-2000-0579LOW

IRIX crontab creates temporary files with predictable file names and with the umask of the user, which could allow local users to modify another user's crontab file as it is being edited.

21 Jun 2000
3.7
CVSS
CVE-2000-0533HIGH

Vulnerability in cvconnect in SGI IRIX WorkShop allows local users to overwrite arbitrary files.

20 Jun 2000
7.2
CVSS
CVE-2000-0283MEDIUM

The default installation of IRIX Performance Copilot allows remote attackers to access sensitive system information via the pmcd daemon.

12 Apr 2000
6.4
CVSS
CVE-2000-0245CRITICALpoc

Vulnerability in SGI IRIX objectserver daemon allows remote attackers to create user accounts.

27 Mar 2000
10.0
CVSS
CVE-2000-0207HIGHpoc

SGI InfoSearch CGI program infosrch.cgi allows remote attackers to execute commands via shell metacharacters.

1 Mar 2000
7.5
CVSS
CVE-2000-1220CRITICALpoc

The line printer daemon (lpd) in the lpr package in multiple Linux operating systems allows local users to gain root privileges by causing sendmail to execute with arbitrary command line arguments, as demonstrated using the -C option to specify a configuration file.

8 Jan 2000
10.0
CVSS
CVE-2000-1221CRITICALpoc

The line printer daemon (lpd) in the lpr package in multiple Linux operating systems authenticates by comparing the reverse-resolved hostname of the local machine to the hostname of the print server as returned by gethostname, which allows remote attackers to bypass intended access controls by modifying the DNS for the attacking IP.

8 Jan 2000
10.0
CVSS
CVE-1999-1102LOW

lpr on SunOS 4.1.1, BSD 4.3, A/UX 2.0.1, and other BSD-based operating systems allows local users to create or overwrite arbitrary files via a symlink attack that is triggered after invoking lpr 1000 times.

31 Dec 1999
2.1
CVSS
CVE-2000-0013HIGHpoc

IRIX soundplayer program allows local users to gain privileges by including shell metacharacters in a .wav file, which is executed via the midikeys program.

31 Dec 1999
7.2
CVSS
CVE-1999-1066MEDIUM

Quake 1 server responds to an initial UDP game connection request with a large amount of traffic, which allows remote attackers to use the server as an amplifier in a "Smurf" style attack on another host, by spoofing the connection request.

22 Dec 1999
5.0
CVSS
CVE-1999-0948HIGHpoc

Buffer overflow in uum program for Canna input system allows local users to gain root privileges.

2 Nov 1999
7.2
CVSS
CVE-1999-0949HIGHpoc

Buffer overflow in canuum program for Canna input system allows local users to gain root privileges.

2 Nov 1999
7.2
CVSS
CVE-1999-0692CRITICAL

The default configuration of the Array Services daemon (arrayd) disables authentication, allowing remote users to gain root privileges.

19 Jul 1999
10.0
CVSS
CVE-1999-1485MEDIUMpoc

nsd in IRIX 6.5 through 6.5.2 exports a virtual filesystem on a UDP port, which allows remote attackers to view files and cause a possible denial of service by mounting the nsd virtual file system.

31 May 1999
6.4
CVSS
CVE-1999-0765CRITICALpoc

SGI IRIX midikeys program allows local users to modify arbitrary files via a text editor.

19 May 1999
10.0
CVSS
CVE-1999-0413HIGH

A buffer overflow in the SGI X server allows local users to gain root access through the X server font path.

1 Mar 1999
7.2
CVSS
CVE-1999-0461CRITICAL

Versions of rpcbind including Linux, IRIX, and Wietse Venema's rpcbind allow a remote attacker to insert and delete entries by spoofing a source address.

28 Jan 1999
10.0
CVSS
CVE-1999-0215MEDIUMpoc

Routed allows attackers to append data to files.

26 Oct 1998
6.4
CVSS
CVE-1999-1181HIGH

Vulnerability in On-Line Customer Registration software for IRIX 6.2 through 6.4 allows local users to gain root privileges.

29 Sep 1998
7.2
CVSS
CVE-1999-1409LOWpoc

The at program in IRIX 6.2 and NetBSD 1.3.2 and earlier allows local users to read portions of arbitrary files by submitting the file to at with the -f argument, which generates error messages that at sends to the user via e-mail.

3 Jul 1998
2.1
CVSS
CVE-1999-0313HIGH

disk_bandwidth on SGI IRIX 6.4 S2MP for Origin/Onyx2 allows local users to gain root access using relative pathnames.

1 Jul 1998
7.2
CVSS
CVE-1999-0314HIGHpoc

ioconfig on SGI IRIX 6.4 S2MP for Origin/Onyx2 allows local users to gain root access using relative pathnames.

1 Jul 1998
7.2
CVSS
CVE-1999-0329HIGH

SGI mediad program allows local users to gain root access.

1 Jun 1998
7.2
CVSS
CVE-1999-1039HIGH

Vulnerability in (1) diskalign and (2) diskperf in IRIX 6.4 patches 2291 and 2848 allow a local user to create root-owned files leading to a root compromise.

27 May 1998
7.2
CVSS