SGI : Security Vulnerabilities, CVEs, Published In 1999

IRIX soundplayer program allows local users to gain privileges by including shell metacharacters in a .wav file, which is executed via the midikeys program.

nsd in IRIX 6.5 through 6.5.2 exports a virtual filesystem on a UDP port, which allows remote attackers to view files and cause a possible denial of service by mounting the nsd virtual file system.

lpr on SunOS 4.1.1, BSD 4.3, A/UX 2.0.1, and other BSD-based operating systems allows local users to create or overwrite arbitrary files via a symlink attack that is triggered after invoking lpr 1000 times.

Quake 1 server responds to an initial UDP game connection request with a large amount of traffic, which allows remote attackers to use the server as an amplifier in a "Smurf" style attack on another host, by spoofing the connection request.

Buffer overflow in canuum program for Canna input system allows local users to gain root privileges.

Buffer overflow in uum program for Canna input system allows local users to gain root privileges.

SGI IRIX midikeys program allows local users to modify arbitrary files via a text editor.

The default configuration of the Array Services daemon (arrayd) disables authentication, allowing remote users to gain root privileges.

Versions of rpcbind including Linux, IRIX, and Wietse Venema's rpcbind allow a remote attacker to insert and delete entries by spoofing a source address.

A buffer overflow in the SGI X server allows local users to gain root access through the X server font path.