CVE-2005-2925

SGI IRIX - Local Command Execution via runpriv Shell Metacharacter Injection

Title source: llm

Exploitation Summary

EIP tracks 1 public exploit for CVE-2005-2925. PoCs published by anonymous.

AI-analyzed exploit summary This exploit leverages a command injection vulnerability in the `runpriv` utility to execute arbitrary commands with elevated privileges. It appends a new root user to `/etc/passwd` and then switches to this user to modify the passwd file further.

Description

runpriv in SGI IRIX allows local users to bypass intended restrictions and execute arbitrary commands via shell metacharacters in a command line for a privileged binary in /usr/sysadm/privbin.

Exploits (1)

exploitdb WORKING POC VERIFIED

by anonymous · bashlocalirix

https://www.exploit-db.com/exploits/1577

View Code ZIP pw:eip

This exploit leverages a command injection vulnerability in the `runpriv` utility to execute arbitrary commands with elevated privileges. It appends a new root user to `/etc/passwd` and then switches to this user to modify the passwd file further.

Classification

Working Poc 90%

Attack Type

Lpe

Complexity

Trivial

Reliability

Reliable

Target: runpriv (likely on Solaris or similar Unix systems)

No auth needed

Prerequisites: Access to a system with vulnerable `runpriv` utility · Ability to execute `/usr/sysadm/bin/runpriv`

MITRE ATT&CK