CVE-2000-0733

IRIX <6.1 - RCE

Title source: llm

Description

Telnetd telnet server in IRIX 5.2 through 6.1 does not properly cleans user-injected format strings, which allows remote attackers to execute arbitrary commands via a long RLD variable in the IAC-SB-TELOPT_ENVIRON request.

Exploits (1)

exploitdb WORKING POC VERIFIED

by Last Stage of Delirium · cremoteirix

https://www.exploit-db.com/exploits/20149

View Code ZIP pw:eip

References (3)

[Exploit, Patch, Vendor Advisory] http://archives.neohapsis.com/archives/bugtraq/2000-08/0154.html

[Various Sources] ftp://sgigate.sgi.com/security/20000801-02-P

[Exploit, Vendor Advisory] http://www.securityfocus.com/bid/1572

Scores

EPSS 0.0561

EPSS Percentile 90.4%

Details

Status published

Products (18)

sgi/irix 5.2

sgi/irix 5.3 (2 CPE variants)

sgi/irix 6.0

sgi/irix 6.0.1 (2 CPE variants)

sgi/irix 6.1

sgi/irix 6.2

sgi/irix 6.3

sgi/irix 6.4

sgi/irix 6.5

sgi/irix 6.5.1

... and 8 more

Published Oct 20, 2000

Tracked Since Feb 18, 2026