SGI IRIX 6.5.20 ftp_syslog

Summaryinfo

A vulnerability has been found in SGI IRIX 6.5.20 and classified as problematic. This vulnerability affects the function ftp_syslog. The manipulation leads to an unknown weakness. This vulnerability is traded as CVE-2004-1891. There is no exploit available.

Detailsinfo

A vulnerability was found in SGI IRIX 6.5.20 (Operating System). It has been rated as problematic. Impacted is integrity. The summary by CVE is:

The ftp_syslog function in ftpd in SGI IRIX 6.5.20 "doesn t work with anonymous FTP," which has an unknown impact, possibly preventing the actions of anonymous users from being logged.

The issue has been introduced in 05/01/2003. The weakness was shared 12/31/2004 (Website). The advisory is shared at patches.sgi.com. The identification of this vulnerability is CVE-2004-1891 since 05/04/2005. The exploitation is known to be easy. The attack may be initiated remotely. No form of authentication is needed for a successful exploitation. Technical details are known, but no exploit is available.

The vulnerability was handled as a non-public zero-day exploit for at least 610 days. During that time the estimated underground price was around $0-$5k.

There is no information about possible countermeasures known. It may be suggested to replace the affected object with an alternative product.

The entry VDB-21715 is related to this item. If you want to get the best quality for vulnerability data then you always have to consider VulDB.

Productinfo

Type

• Operating System

Vendor

• SGI

Name

• IRIX

Version

• 6.5.20

License

• commercial

Support

• end of life (old version)

Website

• Vendor: http://www.sgi.com/

CPE 2.3info

• 🔍

CPE 2.2info

• 🔍

CVSSv4info

CVSSv3info

CVSSv2info

Exploitinginfo

Threat Intelligenceinfo

Countermeasuresinfo

Timelineinfo

Sourcesinfo

Entryinfo

If you want to get the best quality for vulnerability data then you always have to consider VulDB.

Discussion