EIP-2026-102327

PRE-CVE

SGI IRIX 6.2 - 'day5notifier' Local Privilege Escalation

Title source: legacy
STIX 2.1

Exploitation Summary

EIP tracks 1 public exploit for EIP-2026-102327. PoCs published by Mike Neuman.

AI-analyzed exploit summary This exploit leverages a vulnerability in SGI's day5notifier program (Irix 6.2) where execve() calls are misused to spawn /bin/sh, allowing arbitrary command execution as root. The script creates a malicious crontab entry to copy /bin/sh as a setuid binary, granting root privileges.

Description

SGI IRIX 6.2 - 'day5notifier' Local Privilege Escalation

Exploits (1)

exploitdb WORKING POC VERIFIED
by Mike Neuman · bashlocalirix
https://www.exploit-db.com/exploits/19273

This exploit leverages a vulnerability in SGI's day5notifier program (Irix 6.2) where execve() calls are misused to spawn /bin/sh, allowing arbitrary command execution as root. The script creates a malicious crontab entry to copy /bin/sh as a setuid binary, granting root privileges.

Classification
Working Poc 95%
Attack Type
Lpe
Complexity
Trivial
Reliability
Reliable
Target: SGI Irix 6.2 day5notifier
No auth needed
Prerequisites: Access to a vulnerable SGI Irix 6.2 system · day5notifier binary present at /var/www/htdocs/WhatsNew/CustReg/day5notifier
devstral-2 · analyzed Feb 18, 2026 Full analysis →

Details

Status pre_cve
Tracked Since Feb 18, 2026