CVE-1999-1461

Published: May 7, 1997Modified: Apr 16, 2026

7.2

Vector

AV:L/AC:L/Au:N/C:C/I:C/A:C

Exploitability: 3.9 / Impact: 10.0

Source: NVD

Description

inpview in InPerson on IRIX 5.3 through IRIX 6.5.10 trusts the PATH environmental variable to find and execute the ttsession program, which allows local users to obtain root access by modifying the PATH to point to a Trojan horse ttsession program.

Affected (6)

Products: Sgi: Irix

Sgi

1 product

Irix

Configuration A

6 vulnerable

Vulnerable Software	Affected Versions
Sgi Irix	Version 5.3
Sgi Irix	Version 6.1
Sgi Irix	Version 6.2
Sgi Irix	Version 6.3
Sgi Irix	Version 6.4
Sgi Irix	Version 6.5.10

References (6)

ftp://patches.sgi.com/support/free/security/advisories/20001101-01-I (unsafe URL)

Source: cve@mitre.org

PatchVendor Advisory

http://marc.info/?l=bugtraq&m=87602167420921&w=2

Source: cve@mitre.org

http://www.securityfocus.com/bid/381

Source: cve@mitre.org

ExploitPatchVendor Advisory

ftp://patches.sgi.com/support/free/security/advisories/20001101-01-I (unsafe URL)

Source: af854a3a-2127-422b-91ae-364da2661108

PatchVendor Advisory

http://marc.info/?l=bugtraq&m=87602167420921&w=2

Source: af854a3a-2127-422b-91ae-364da2661108

http://www.securityfocus.com/bid/381

Source: af854a3a-2127-422b-91ae-364da2661108

ExploitPatchVendor Advisory

Timeline

No history available yet.