CVE-1999-0039

Published: May 6, 1997Modified: Apr 16, 2026

7.3

Vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L

Exploitability: 3.9 / Impact: 3.4

Source: 134c704f-9b21-4f2e-91b3-4a467353bcc0 (Secondary)

Description

webdist CGI program (webdist.cgi) in SGI IRIX allows remote attackers to execute arbitrary commands via shell metacharacters in the distloc parameter.

Affected (7)

Products: Sgi: Irix

Sgi

1 product

Irix

Configuration A

7 vulnerable

Vulnerable Software	Affected Versions
Sgi Irix	Version 5.0
Sgi Irix	Version 5.1
Sgi Irix	Version 5.2
Sgi Irix	Version 5.3
Sgi Irix	Version 6.1
Sgi Irix	Version 6.2
Sgi Irix	Version 6.3

Related CWEs

CWE-77

Improper Neutralization of Special Elements used in a Command ('Command Injection')

The product constructs all or part of a command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended command when it is sent to a downstream component.

References (10)

ftp://patches.sgi.com/support/free/security/advisories/19970501-02-PX (unsafe URL)

Source: cve@mitre.org

http://www.cert.org/advisories/CA-1997-12.html

Source: cve@mitre.org

US Government Resource

http://www.osvdb.org/235

Source: cve@mitre.org

http://www.securityfocus.com/bid/374

Source: cve@mitre.org

https://exchange.xforce.ibmcloud.com/vulnerabilities/333

Source: cve@mitre.org

ftp://patches.sgi.com/support/free/security/advisories/19970501-02-PX (unsafe URL)