VYPR
← All advisories
Unrated severityNVD Advisory· Published Jul 3, 2002· Updated Jun 16, 2026

CVE-2002-0652

CVE-2002-0652

Description

xfsmd for IRIX 6.5 through 6.5.16 allows remote attackers to execute arbitrary code via shell metacharacters that are not properly filtered from several calls to the popen() function, such as export_fs().

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Affected products

18
  • Sgi/Irix17 versions
    cpe:2.3:o:sgi:irix:6.5:*:*:*:*:*:*:*+ 16 more
    • cpe:2.3:o:sgi:irix:6.5:*:*:*:*:*:*:*
    • cpe:2.3:o:sgi:irix:6.5.1:*:*:*:*:*:*:*
    • cpe:2.3:o:sgi:irix:6.5.10:*:*:*:*:*:*:*
    • cpe:2.3:o:sgi:irix:6.5.11:*:*:*:*:*:*:*
    • cpe:2.3:o:sgi:irix:6.5.12:*:*:*:*:*:*:*
    • cpe:2.3:o:sgi:irix:6.5.13:*:*:*:*:*:*:*
    • cpe:2.3:o:sgi:irix:6.5.14:*:*:*:*:*:*:*
    • cpe:2.3:o:sgi:irix:6.5.15:*:*:*:*:*:*:*
    • cpe:2.3:o:sgi:irix:6.5.16:*:*:*:*:*:*:*
    • cpe:2.3:o:sgi:irix:6.5.2:*:*:*:*:*:*:*
    • cpe:2.3:o:sgi:irix:6.5.3:*:*:*:*:*:*:*
    • cpe:2.3:o:sgi:irix:6.5.4:*:*:*:*:*:*:*
    • cpe:2.3:o:sgi:irix:6.5.5:*:*:*:*:*:*:*
    • cpe:2.3:o:sgi:irix:6.5.6:*:*:*:*:*:*:*
    • cpe:2.3:o:sgi:irix:6.5.7:*:*:*:*:*:*:*
    • cpe:2.3:o:sgi:irix:6.5.8:*:*:*:*:*:*:*
    • cpe:2.3:o:sgi:irix:6.5.9:*:*:*:*:*:*:*
  • Sgi/xfsmdllm-create
    Range: <=6.5.16

Patches

Vulnerability mechanics

Root cause

"The xfsmd service does not properly sanitize arguments passed to the popen() function, allowing shell metacharacters to be injected."

Attack vector

An attacker can send specially crafted arguments to the xfsmd service, which are then passed to the popen() function without proper sanitization. By embedding shell metacharacters such as ';' or '|' within these arguments, an attacker can execute arbitrary commands on the remote host with root privileges. The exploit requires that DNS is properly configured on the attacked host, and if file systems are to be exported, the NFS subsystem must be running [ref_id=1].

Affected code

The vulnerability lies within the implementation of remote procedure calls in xfsmd, specifically where the popen() libc function is used. Arguments passed to these RPCs are included in the command string passed to popen() without sanitization [ref_id=1].

What the fix does

The advisory does not specify a patch or provide details on how the vulnerability is fixed. Remediation guidance suggests updating to a version where the vulnerability is no longer present, but specific details on the fix are not available in the provided information.

Preconditions

  • networkThe attacker must be able to reach the xfsmd service over the network.
  • configDNS must be properly configured on the attacked host [ref_id=1].
  • configIf exporting file systems, the NFS subsystem must be running on the vulnerable system [ref_id=1].

Generated on Jun 2, 2026. Inputs: CWE entries + fix-commit diffs from this CVE's patches. Citations validated against bundle.

References

3

News mentions

0

No linked articles in our index yet.