Source: cve@mitre.org
colorview in Silicon Graphics IRIX 5.1, 5.2, and 6.0 allows local attackers to read arbitrary files via the -text argument.
Silicon Graphics IRIX systems are vulnerable to a critical local file disclosure vulnerability. Exploiting the colorview utility allows attackers to read arbitrary files, potentially exposing sensitive information like passwords, configuration files, and user data, leading to complete system compromise.
Step 1: Target Identification: The attacker identifies a vulnerable Silicon Graphics IRIX system running versions 5.1, 5.2, or 6.0.
Step 2: Payload Construction: The attacker crafts a command using the colorview utility with the -text argument, specifying the path to a target file they wish to read (e.g., /etc/passwd).
Step 3: Payload Execution: The attacker executes the crafted command on the target system, typically via a local shell or through a compromised account.
Step 4: File Disclosure: The colorview utility, due to the vulnerability, opens and displays the contents of the specified file, allowing the attacker to read its contents and extract sensitive information.
The vulnerability lies within the colorview utility in Silicon Graphics IRIX. The -text argument, intended for displaying text files, fails to properly sanitize user-supplied input. Specifically, the code likely uses a function to open and read the file specified by the -text argument without proper input validation. This allows an attacker to specify any file path, bypassing security checks and reading the contents of that file. The root cause is a lack of input validation and improper access control within the colorview utility. The program trusts the user-supplied filename, leading to the arbitrary file read vulnerability.
This vulnerability is likely attractive to attackers targeting legacy systems. While no specific APTs are directly tied to this CVE, any threat actor targeting systems running IRIX could leverage this. CISA KEV status: Not Listed.
Monitor system logs for suspicious colorview command executions, especially those using the -text argument with unusual file paths (e.g., /etc/passwd, /etc/shadow, .ssh/id_rsa).
Analyze process execution logs for instances of colorview accessing sensitive files.
Implement file integrity monitoring to detect unauthorized modifications to critical system files.
Upgrade to a patched version of IRIX (if available). Given the age of the system, this may not be possible.
Restrict access to the colorview utility. Limit who can execute this command.
Implement strong access controls to sensitive files, limiting read access to only authorized users and processes.
Consider network segmentation to isolate vulnerable systems from critical resources.
If possible, migrate data and services to a more secure and supported operating system.