gr_osview in SGI IRIX 6.5.22, and possibly other 6.5 versions, does not drop privileges when opening description files while in debug mode, which allows local users to read a line from arbitrary files via the -d and -D options, which prints the line as a formatting error.
Affected Software
| Name | Vendor | Start Version | End Version |
|---|---|---|---|
| Irix | Sgi | 6.5.22 (including) | 6.5.22 (including) |
References
- ftp://patches.sgi.com/support/free/security/advisories/20050402-01-P
- http://secunia.com/advisories/14875
- http://securitytracker.com/id?1013662
- http://www.idefense.com/application/poi/display?id=226\u0026type=vulnerabilities
- http://www.osvdb.org/15351
- ftp://patches.sgi.com/support/free/security/advisories/20050402-01-P
- http://secunia.com/advisories/14875
- http://securitytracker.com/id?1013662
- http://www.idefense.com/application/poi/display?id=226\u0026type=vulnerabilities
- http://www.osvdb.org/15351