Buffer overflow in dmplay in IRIX 6.2 and 6.3 allows local users to gain root privileges via a long command line option.

Buffer overflow in gr_osview in IRIX 6.2 and 6.3 allows local users to gain privileges via a long -D option.

The truncate function in IRIX 6.x does not properly check for privileges when the file is in the xfs file system, which allows local users to delete the contents of arbitrary files.

IRIX crontab creates temporary files with predictable file names and with the umask of the user, which could allow local users to modify another user's crontab file as it is being edited.

The default installation of IRIX Performance Copilot allows remote attackers to access sensitive system information via the pmcd daemon.

Buffer overflow in uum program for Canna input system allows local users to gain root privileges.

Buffer overflow in canuum program for Canna input system allows local users to gain root privileges.

The default configuration of the Array Services daemon (arrayd) disables authentication, allowing remote users to gain root privileges.

A buffer overflow in the SGI X server allows local users to gain root access through the X server font path.

Routed allows attackers to append data to files.

Vulnerability in On-Line Customer Registration software for IRIX 6.2 through 6.4 allows local users to gain root privileges.

SGI mediad program allows local users to gain root access.

Inverse query buffer overflow in BIND 4.9 and BIND 8 Releases.

Vulnerabilities in (1) ipxchk and (2) ipxlink in NetWare Client 1.0 on IRIX 6.3 and 6.4 allows local users to gain root access via a modified IFS environmental variable.

Buffer overflow in Korn Shell (ksh) suid_exec program on IRIX 6.x and earlier, and possibly other operating systems, allows local users to gain root privileges.

(1) ipxchk and (2) ipxlink in SGI OS2 IRIX 6.3 does not properly clear the IFS environmental variable before executing system calls, which allows local users to execute arbitrary commands.

Directory traversal vulnerability in pfdispaly.cgi program (sometimes referred to as "pfdisplay") for SGI's Performer API Search Tool (performer_tools) allows remote attackers to read arbitrary files.

System Manager sysmgr GUI in SGI IRIX 6.4 and 6.3 allows remote attackers to execute commands by providing a trojan horse (1) runtask or (2) runexec descriptor file, which is used to execute a System Manager Task when the user's Mailcap entry supports the x-sgi-task or x-sgi-exec type.

Execute commands as root via buffer overflow in Tooltalk database server (rpc.ttdbserverd).

IRIX cdplayer allows local users to create directories in arbitrary locations via a command line option.