3 matches found
CVE-2014-7302
The CVE-2014-7302 entry concerns SGI Tempo on SGI ICE-X systems where the /opt/sgi/sgimc/bin/vx binary has insecure SUID root permissions (example: -rwsr-sr-x 1 root root). This allows low-privileged local users to escalate to root by executing vx and applying its permission-changing capabilities...
CVE-2014-7303
SGI Tempo on SGI ICE-X systems stored backups of the system configuration database with insecure file permissions (world-readable) on /etc/dbdump.db, enabling local users to read password hashes and other sensitive data. Affected components/requisites include the database dumps produced by Tempo ...
CVE-2014-7301
SGI Tempo (SGI ICE-X) is affected by CVE-2014-7301 due to insecurely set permissions on /etc/odapw, allowing local users to read the file and access password data for the system database (oscar). Root cause is world-readable permissions on the /etc/odapw file, enabling read access to sensitive cr...