SGI IRIX cvconnect File Overwrite Vulnerability

SGI's WorkShop Debugger and Performance tools is a optional package for IRIX that provides tools for debugging programs. It ships with a binary that other parts of the package invoke (it is not meant to be executed by regular users) called cvconnect. cvconnect is setuid root and has a vulnerability that allows users to overwrite any files on the filesystem. This can be exploited by an attacker to gain root priviliges locally.


Privacy Statement
Copyright 2010, SecurityFocus