• Severity Rating • Fix Information • Vulnerable Software Versions • SCAP Mappings
addnetpr in SGI IRIX 6.2 and earlier allows local users to modify arbitrary files and possibly gain root access via a symlink attack on a temporary file.
Note: References are provided for the convenience of the reader to help distinguish between vulnerabilities. The list is not intended to be complete.
Date Entry Created
20010831 Disclaimer: The entry creation date may reflect when the CVE-ID was allocated or reserved, and does not necessarily indicate when this vulnerability was discovered, shared with the affected vendor, publicly disclosed, or updated in CVE.
Phase (Legacy)
Modified (20060623)
Votes (Legacy)
ACCEPT(1) Frech
NOOP(3) Christey, Cole, Foat
Comments (Legacy)
 Christey> CHANGE DESC: "via a symlink attack on the printers temporary file."
   Add 5.3 as another affected version.
   SGI:19961203-02-PX may solve this problem, but the advisory is so
   vague that it is uncertain whether this was fixed or not. addnetpr is
   not specifically named in the advisory, which names netprint, which is
   not specified in the original Bugtraq post. In addition, the date on
   the advisory is one day earlier than that of the Bugtraq post, though
   that could be a difference in time zones. It seems plausible that the
   problem had already been patched (the researcher did say "There *was*
   [a] race condition") so maybe SGI released this advisory after the
   problem was publicized.
   Note: this is a dupe of CVE-1999-1410, but CVE-1999-1410 will
   be rejected in favor of CVE-1999-1286.

Proposed (Legacy)
This is an entry on the CVE list, which standardizes names for security problems.