Vulnerability Note VU#20851
SGI IRIX df buffer overflow in directory argument
The df program is used to display statistics about the amount of used and free disc space on a set of mounted file systems. Alternately, it can be used to check on the amount of space available on unmounted block devices which may be specified by some path.
This vulnerability may allow local users to gain root privileges.
Apply the patch provided by SGI.
1. Remove the setuid and execute permissions from df.
% chmod u-s `which df`
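The workaround above as a small shell function that also records the original mode and verifies the result. This is an added example, not part of the advisory or SGI's patch; the function name strip_setuid and the log file path are hypothetical.

```shell
#!/bin/sh
# Added example: apply and verify the setuid-removal workaround on one binary.
# strip_setuid and the log file argument are hypothetical names, not from the advisory.

# strip_setuid FILE [LOGFILE]
# Returns 0 if FILE ends up without the setuid bit, 1 on error.
strip_setuid() {
    target=$1
    log=${2:-/dev/null}

    # Refuse anything that is not a regular file (e.g. an unresolved name).
    if [ ! -f "$target" ]; then
        echo "strip_setuid: $target is not a regular file" >&2
        return 1
    fi

    # Nothing to do if the bit is already clear.
    if [ ! -u "$target" ]; then
        echo "already clear: $target" >>"$log"
        return 0
    fi

    # Record the original mode line so it can be restored once the patch is installed.
    ls -ld "$target" >>"$log"

    chmod u-s "$target" || return 1

    # Verify the bit is gone rather than trusting the exit status alone.
    if [ -u "$target" ]; then
        echo "strip_setuid: setuid bit still set on $target" >&2
        return 1
    fi
    return 0
}

# Typical use on an affected host (run as root):
#   strip_setuid "`which df`" /var/tmp/df-mode.before
```

Without the setuid bit, df runs with the privileges of the invoking user.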
Systems Affected
| Vendor | Status | Date Notified | Date Updated |
|--------|--------|---------------|--------------|
| SGI | Affected | - | 22 Jun 1998 |
| SGI | Affected | - | 15 Dec 2000 |
This document was written by Jeff S Havrilla.
- CVE IDs: CVE-1999-0025
- CERT Advisory: CA-1997-21
- Date Public: 24 May 97
- Date First Published: 15 Dec 2000
- Date Last Updated: 15 Dec 2000
- Severity Metric: 14.06
- Document Revision: 7