CVE-1999-1384

Indigo Magic System Tour - Privilege Escalation

Title source: llm
STIX 2.1

Exploitation Summary

EIP tracks 1 public exploit for CVE-1999-1384. PoCs published by Tun-Hui Hu.

AI-analyzed exploit summary This exploit leverages a vulnerability in the Systour and OutOfBox subsystems of IRIX 5.x and 6.x to execute arbitrary commands as root. It manipulates the installation process by creating a malicious exit script that sets the SUID bit on a copied shell.

Description

Indigo Magic System Tour in the SGI system tour package (systour) for IRIX 5.x through 6.3 allows local users to gain root privileges via a Trojan horse .exitops program, which is called by the inst command that is executed by the RemoveSystemTour program.

Exploits (1)

exploitdb WORKING POC VERIFIED
by Tun-Hui Hu · textlocalirix
https://www.exploit-db.com/exploits/19356

This exploit leverages a vulnerability in the Systour and OutOfBox subsystems of IRIX 5.x and 6.x to execute arbitrary commands as root. It manipulates the installation process by creating a malicious exit script that sets the SUID bit on a copied shell.

Classification
Working Poc 95%
Attack Type
Lpe
Complexity
Trivial
Reliability
Reliable
Target: IRIX 5.x, 6.x (Systour/OutOfBox subsystems)
Auth required
Prerequisites: Local user access on the target IRIX system
mistral-large-3 · analyzed Feb 16, 2026 Full analysis →

References (5)

Core 5
Core References
Mailing List mailing-list x_refsource_bugtraq
http://marc.info/?l=bugtraq&m=87602167420095&w=2
Patch, Third Party Advisory, US Government Resource third-party-advisory x_refsource_auscert
ftp://ftp.auscert.org.au/pub/auscert/advisory/AA-96.08.SGI.systour.vul
Third Party Advisory vdb-entry x_refsource_xf
http://www.iss.net/security_center/static/7456.php
Exploit, Patch, Vendor Advisory vdb-entry x_refsource_bid
http://www.securityfocus.com/bid/470
Patch, Vendor Advisory vendor-advisory x_refsource_sgi
ftp://patches.sgi.com/support/free/security/advisories/19961101-01-I

Scores

EPSS 0.0162
EPSS Percentile 73.3%

Details

Status published
Products (12)
sgi/irix 5
sgi/irix 5.0
sgi/irix 5.0.1
sgi/irix 5.1
sgi/irix 5.1.1
sgi/irix 5.2
sgi/irix 5.3 (2 CPE variants)
sgi/irix 6.0
sgi/irix 6.0.1 (2 CPE variants)
sgi/irix 6.1
... and 2 more
Published Oct 30, 1996
Tracked Since Feb 18, 2026