|
SGI IRIX rpc.xfsmd Remote Command Execution Vulnerability
Throghout the implementation of the supported remote procedure calls, the server uses the popen() libc function. When popen() is used, arguments passed to the RPC are included in the command string. These arguments are not sanitized. If shell metacharacters, such as ";" and "|" are embedded in the remotely supplied arguments, additional commands may be executed. These commands will run with root privileges. |
|
 Privacy Statement |
