|
| 1 | +[id] |
| 2 | +ave_id = "AVE-1999-0217" |
| 3 | +cve_id = "CVE-1999-0036" |
| 4 | +avd_id = "" |
| 5 | +other_ids = ["EDB-336"] |
| 6 | +aliases = ["CVE-1999-0036"] |
| 7 | + |
| 8 | +[basic] |
| 9 | +title = "SGI IRIX /bin/login 本地缓冲区溢出漏洞" |
| 10 | +description = "SGI IRIX 操作系统的 /bin/login 程序在处理 LOCKOUT 参数时存在缓冲区溢出漏洞。本地攻击者可利用此漏洞通过精心构造的登录请求触发缓冲区溢出,导致任意代码执行或以 root 权限破坏系统文件。攻击者需要具有本地系统访问权限,成功利用后可完全控制受影响的系统。" |
| 11 | +severity = "HIGH" |
| 12 | +score = 8.4 |
| 13 | +published = "1997-05-26" |
| 14 | +updated = "2024-08-01" |
| 15 | +sources = ["exploitdb", "nvd"] |
| 16 | + |
| 17 | +[affected] |
| 18 | +vendor = "sgi" |
| 19 | +product = "irix" |
| 20 | + |
| 21 | +[score] |
| 22 | +cvss_v2 = 7.2 |
| 23 | +cvss_v2_vector = "AV:L/AC:L/Au:N/C:C/I:C/A:C" |
| 24 | +cvss_v3 = 8.4 |
| 25 | +cvss_v3_vector = "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" |
| 26 | + |
| 27 | +[remediation] |
| 28 | +fix = "升级 SGI IRIX 系统至安装安全补丁版本,或安装 SGI 官方安全公告 19970508-02-PX 提供的补丁。限制本地用户对系统的访问权限。" |
| 29 | + |
| 30 | +[exploit] |
| 31 | +poc = [{url = "https://www.exploit-db.com/exploits/336", description = "SGI IRIX /bin/login 本地缓冲区溢出 PoC", source = "exploitdb"}] |
| 32 | +exp = [{url = "https://www.exploit-db.com/exploits/336", description = "SGI IRIX /bin/login 本地缓冲区溢出 Exploit", source = "exploitdb"}] |
| 33 | + |
| 34 | +[references] |
| 35 | +nvd = "https://nvd.nist.gov/vuln/detail/CVE-1999-0036" |
| 36 | +other = [ |
| 37 | + "https://www.exploit-db.com/exploits/336", |
| 38 | + "ftp://patches.sgi.com/support/free/security/advisories/19970508-02-PX", |
| 39 | + "http://www.ciac.org/ciac/bulletins/h-106.shtml", |
| 40 | + "http://www.osvdb.org/990", |
| 41 | + "https://exchange.xforce.ibmcloud.com/vulnerabilities/557", |
| 42 | +] |
| 43 | + |
| 44 | +[meta] |
| 45 | +collected_at = "2026-07-11T00:00:00+00:00" |
| 46 | +status = "completed" |
| 47 | + |
| 48 | +[authenticity] |
| 49 | +cve_confidence = "high" |
| 50 | +poc_confidence = "high" |
| 51 | +notes = "Exploit-DB 收录了完整的本地提权利用代码,适用于 IRIX 5.3/6.2/6.3 等多个版本。David Hedley 于 1997 年公开。" |
0 commit comments