CVE-2002-0652

IRIX 6.5-6.5.16 - Remote Code Execution via XFSMD Popen Shell Metacharacter Injection

Title source: manual
STIX 2.1

Exploitation Summary

EIP tracks 1 public exploit for CVE-2002-0652. PoCs published by Last Stage of Delirium.

AI-analyzed exploit summary This exploit targets a command injection vulnerability in the XFS RPC service (xfsmd) on IRIX systems. It leverages unsanitized input passed to popen() to execute arbitrary commands with root privileges or export file systems via NFS.

Description

xfsmd for IRIX 6.5 through 6.5.16 allows remote attackers to execute arbitrary code via shell metacharacters that are not properly filtered from several calls to the popen() function, such as export_fs().

Exploits (1)

exploitdb WORKING POC VERIFIED
by Last Stage of Delirium · cremoteirix
https://www.exploit-db.com/exploits/21571

This exploit targets a command injection vulnerability in the XFS RPC service (xfsmd) on IRIX systems. It leverages unsanitized input passed to popen() to execute arbitrary commands with root privileges or export file systems via NFS.

Classification
Working Poc 95%
Attack Type
Rce
Complexity
Moderate
Reliability
Reliable
Target: IRIX xfsmd (versions 6.2, 6.3, 6.4, 6.5, 6.5.16)
No auth needed
Prerequisites: Network access to the vulnerable xfsmd service · DNS properly configured on the target host · NFS running if exporting file systems
devstral-2 · analyzed Feb 16, 2026 Full analysis →

References (3)

Core 3
Core References
Patch, Vendor Advisory vendor-advisory x_refsource_sgi
ftp://patches.sgi.com/support/free/security/advisories/20020606-01-I
Mailing List mailing-list x_refsource_bugtraq
http://marc.info/?l=bugtraq&m=102459162909825&w=2
Vendor Advisory vendor-advisory x_refsource_sgi
ftp://patches.sgi.com/support/free/security/advisories/20020605-01-I

Scores

EPSS 0.0915
EPSS Percentile 94.7%

Details

Status published
Products (17)
sgi/irix 6.5
sgi/irix 6.5.1
sgi/irix 6.5.2
sgi/irix 6.5.3
sgi/irix 6.5.4
sgi/irix 6.5.5
sgi/irix 6.5.6
sgi/irix 6.5.7
sgi/irix 6.5.8
sgi/irix 6.5.9
... and 7 more
Published Jul 03, 2002
Tracked Since Feb 18, 2026