CVE-2000-0799

SGI IRIX <6.5.10 - Privilege Escalation

Title source: llm
STIX 2.1

Exploitation Summary

EIP tracks 1 public exploit for CVE-2000-0799. PoCs published by Last Stage of Delirium.

AI-analyzed exploit summary This exploit leverages a race condition in IRIX's inpview to overwrite arbitrary files via predictable temporary filenames in /var/tmp. It symlinks a target file to the temporary file, forcing inpview to overwrite it with rw-rw-rw permissions.

Description

inpview in InPerson in SGI IRIX 5.3 through IRIX 6.5.10 allows local users to gain privileges via a symlink attack on the .ilmpAAA temporary file.

Exploits (1)

exploitdb WORKING POC VERIFIED
by Last Stage of Delirium · clocalirix
https://www.exploit-db.com/exploits/20130

This exploit leverages a race condition in IRIX's inpview to overwrite arbitrary files via predictable temporary filenames in /var/tmp. It symlinks a target file to the temporary file, forcing inpview to overwrite it with rw-rw-rw permissions.

Classification
Working Poc 95%
Attack Type
Lpe
Complexity
Moderate
Reliability
Racy
Target: InPerson inpview on IRIX 6.5, 6.5.8
No auth needed
Prerequisites: Access to the target system · Ability to execute the exploit binary · /usr/lib/InPerson/inpview must be present
devstral-2 · analyzed Feb 16, 2026 Full analysis →

References (4)

Core 4
Core References
Vendor Advisory vendor-advisory x_refsource_sgi
ftp://patches.sgi.com/support/free/security/advisories/20001101-01-I
Vendor Advisory vdb-entry x_refsource_bid
http://www.securityfocus.com/bid/1530
Third Party Advisory, VDB Entry vdb-entry x_refsource_xf
https://exchange.xforce.ibmcloud.com/vulnerabilities/5065

Scores

EPSS 0.0075
EPSS Percentile 50.1%

Details

Status published
Products (10)
sgi/irix 6.5
sgi/irix 6.5.1
sgi/irix 6.5.2m
sgi/irix 6.5.3
sgi/irix 6.5.3f
sgi/irix 6.5.3m
sgi/irix 6.5.4
sgi/irix 6.5.6
sgi/irix 6.5.7
sgi/irix 6.5.8
Published Oct 20, 2000
Tracked Since Feb 18, 2026