VULHUB ™

The SGI O2 workstation integrates high-quality graphics and powerful processing with built-in video. It runs the 6.5 series of the IRIX operating system. The VCP (Video Control Panel) provides a graphical user interface for configuring the certain types of video cards on various SGI systems. When the Default Input is set to "Output Video" using the VCP interface, it is possible for a user to launch videoout and then videoin to view events that are happening on the screen of the vulnerable host. The attacker may view the session of the user who is currently physically logged in to the host. Any xhosts or xauth settings on the host are bypassed. The attacker must have local access to the system for this issue to be exploited. This may lead to a disclosure of sensitive information. It should be noted that this issue is exclusive to all SGI O2 systems. Other SGI systems are not affected.

The SGI O2 workstation integrates high-quality graphics and powerful processing with built-in video. It runs the 6.5 series of the IRIX operating system. The VCP (Video Control Panel) provides a graphical user interface for configuring the certain types of video cards on various SGI systems. When the Default Input is set to "Output Video" using the VCP interface, it is possible for a user to launch videoout and then videoin to view events that are happening on the screen of the vulnerable host. The attacker may view the session of the user who is currently physically logged in to the host. Any xhosts or xauth settings on the host are bypassed. The attacker must have local access to the system for this issue to be exploited. This may lead to a disclosure of sensitive information. It should be noted that this issue is exclusive to all SGI O2 systems. Other SGI systems are not affected.