CVE-2000-0799 in IRIX
Summary
by MITRE
inpview in InPerson in SGI IRIX 5.3 through IRIX 6.5.10 allows local users to gain privileges via a symlink attack on the .ilmpAAA temporary file.
If you want to get best quality of vulnerability data, you may have to visit VulDB.
Analysis
by VulDB Data Team • 10/13/2024
The vulnerability described in CVE-2000-0799 represents a classic privilege escalation flaw affecting the inpview component within the InPerson application suite on SGI IRIX operating systems. This issue manifests specifically in versions ranging from IRIX 5.3 through IRIX 6.5.10, creating a persistent security weakness that local attackers can exploit to elevate their privileges from standard user level to administrative access. The vulnerability stems from improper handling of temporary files during the execution of inpview operations, particularly when the application creates or modifies files in the user's home directory.
The technical root cause of this vulnerability lies in the insecure creation of temporary files, specifically the .ilmpAAA file that inpview generates during its operation. When inpview executes, it creates this temporary file in the user's home directory without implementing proper security measures to prevent symbolic link attacks. This behavior aligns with CWE-377, which addresses the creation of temporary files with insecure permissions and the potential for symlink-based attacks. Attackers can exploit this weakness by creating a symbolic link with the same name as the temporary file (.ilmpAAA) pointing to a system file or configuration file that the application needs to modify. When inpview runs, it follows the symbolic link and modifies the target file with the privileges of the running process, typically root or a privileged user.
The operational impact of this vulnerability extends beyond simple privilege escalation, as it provides attackers with a reliable method to gain unauthorized administrative access to IRIX systems. This creates a significant risk for organizations running older SGI IRIX versions, as the attack requires minimal privileges to execute and can be performed by any local user. The attack vector is particularly dangerous because it leverages the legitimate functionality of the inpview application, making it difficult to detect through standard security monitoring. The vulnerability also demonstrates a lack of proper privilege separation and secure file handling practices, which are fundamental requirements in secure system design.
The attack scenario involves a local user creating a symbolic link in their home directory that points to a critical system file such as /etc/passwd or another privileged file. When the inpview application executes and attempts to create or modify the .ilmpAAA temporary file, it follows the symbolic link and modifies the target file with elevated privileges. This technique falls under the ATT&CK framework category of privilege escalation through exploitation of software vulnerabilities, specifically targeting weaknesses in temporary file handling and file system permissions. Organizations should consider implementing additional security controls such as proper file permission enforcement, secure temporary file creation practices, and regular system audits to detect and prevent such attacks. The vulnerability also highlights the importance of following secure coding practices that prevent predictable temporary file names and ensure proper validation of file paths, which are essential elements in preventing symlink-based attacks across operating systems.