[prev in list] [next in list] [prev in thread] [next in thread]
List: best-of-security
Subject: BoS: SGI Security Advisory 19960101-01-PX
From: "SGI Security Coordinator" <agent99 () boytoy ! csd ! sgi ! com>
Date: 1996-01-03 22:32:32
[Download RAW message or body]
FOR PUBLIC RELEASE
-----BEGIN PGP SIGNED MESSAGE-----
________________________________________________________________________________
Silicon Graphics Inc. Security Advisory
Title: Object Server Vulnerability
Number: 19960101-01-PX
Date: January 3, 1996
________________________________________________________________________________
Silicon Graphics provides this information freely to the SGI community
for its consideration, interpretation and implementation. Silicon Graphics
recommends that this information be acted upon as soon as possible.
Silicon Graphics will not be liable for any consequential damages arising
from the use of, or failure to use or use properly, any of the instructions
or information in this Security Advisory.
________________________________________________________________________________
As part of Silicon Graphics continued security improvement efforts, Silicon
Graphics has discovered a security vulnerability within the object server
program used in the IRIX 5.x and IRIX 6.x operating systems. SGI has
investigated this issue and recommends the following steps for neutralizing
the exposure. It is HIGHLY RECOMMENDED that these measures be implemented
on ALL SGI systems running IRIX 5.2, 5.3, 6.0, 6.0.1 and 6.1. This issue
will be corrected in future releases of IRIX.
- --------------
- --- Impact ---
- --------------
Provided with the correct network configuration and SGI environment, both
local and remote users may be able to become root on a targeted SGI system.
- ----------------
- --- Solution ---
- ----------------
The solution for this issue is a replacement of the object server program
and assistant programs for those versions that are vulnerable. The
following patches have been generated for those versions vulnerable and
are freely provided to the SGI community.
**** IRIX 3.x ****
This version of IRIX is not vulnerable. No action is required.
**** IRIX 4.x ****
This version of IRIX is not vulnerable. No action is required.
**** IRIX 5.0.x, 5.1.x ****
For the IRIX operating systems versions 5.0.x, 5.1.x, an upgrade
to 5.2 or better is required first. When the upgrade is completed,
then the patches described in the next sections "**** IRIX 5.2, 6.0,
6.0.1 ***" or "**** IRIX 5.3 ****" or "**** IRIX 6.1 ****" can be
applied depending on the final version of upgrade.
**** IRIX 5.2, 6.0, 6.0.1 ****
For the IRIX operating system versions 5.2, 6.0, and 6.0.1, an inst-able
patch has been generated and made available via anonymous ftp and/or your
service/support provider. The patch is number 1052 and will only install
on IRIX versions 5.2, 6.0, and 6.0.1 .
The SGI anonymous ftp site is sgigate.sgi.com (204.94.209.1). Patch
1052 can be found in the following directories on the ftp server:
~ftp/Security
or
~ftp/Patches/5.2
~ftp/Patches/6.0
~ftp/Patches/6.0.1
##### Checksums ####
The actual patch will be a tar file containing the following files:
Filename: README.patch.1052
Algorithm #1 (sum -r): 16512 8 README.patch.1052
Algorithm #2 (sum): 59284 8 README.patch.1052
MD5 checksum: 4E8FA3A3305C68BC18EC52564C6B2AED
Filename: patchSG0001052
Algorithm #1 (sum -r): 51587 1 patchSG0001052
Algorithm #2 (sum): 32069 1 patchSG0001052
MD5 checksum: E0E3487A8A36A8B854BD704E35CA7245
Filename: patchSG0001052.cadmin_sw
Algorithm #1 (sum -r): 63062 548 patchSG0001052.cadmin_sw
Algorithm #2 (sum): 51720 548 patchSG0001052.cadmin_sw
MD5 checksum: E8612BF40C60DBC9D7A90FAC6F8EF102
Filename: patchSG0001052.idb
Algorithm #1 (sum -r): 07247 1 patchSG0001052.idb
Algorithm #2 (sum): 40615 1 patchSG0001052.idb
MD5 checksum: 580F688D98950F250BF47AC82EB91FFB
**** IRIX 5.3 ****
For the 5.3 IRIX operating system, an inst-able patch has been generated
and made available via anonymous ftp and/or your service/support provider.
The patch is number 1048 and will only install on IRIX 5.3 .
The SGI anonymous ftp site is sgigate.sgi.com (204.94.209.1). Patch
1048 can be found in the following directories on the ftp server:
~ftp/Security
or
~ftp/Patches/5.3
##### Checksums ####
The actual patch will be a tar file containing the following files:
Filename: README.patch.1048
Algorithm #1 (sum -r): 37177 9 README.patch.1048
Algorithm #2 (sum): 1825 9 README.patch.1048
MD5 checksum: D0CE2B1132B417F3B9215AA9F85CA073
Filename: patchSG0001048
Algorithm #1 (sum -r): 42189 4 patchSG0001048
Algorithm #2 (sum): 56038 4 patchSG0001048
MD5 checksum: 456BF186B65A56EA413E9E7AD4BDE17A
Filename: patchSG0001048.cadmin_sw
Algorithm #1 (sum -r): 47788 698 patchSG0001048.cadmin_sw
Algorithm #2 (sum): 55041 698 patchSG0001048.cadmin_sw
MD5 checksum: 7E3239ED9F110567B02176EC16B93F94
Filename: patchSG0001048.eoe1_sw
Algorithm #1 (sum -r): 53666 12 patchSG0001048.eoe1_sw
Algorithm #2 (sum): 30809 12 patchSG0001048.eoe1_sw
MD5 checksum: 32F087EB64444279DF865D104664BE47
Filename: patchSG0001048.eoe2_sw
Algorithm #1 (sum -r): 01942 132 patchSG0001048.eoe2_sw
Algorithm #2 (sum): 33035 132 patchSG0001048.eoe2_sw
MD5 checksum: E5242DE17431D40BC5FCD49925BE3283
Filename: patchSG0001048.idb
Algorithm #1 (sum -r): 37645 2 patchSG0001048.idb
Algorithm #2 (sum): 10420 2 patchSG0001048.idb
MD5 checksum: 460C69356D5AA920978F7A9FF49A4612
**** IRIX 6.1 ****
For the IRIX operating system version 6.1, an inst-able patch has
been generated and made available via anonymous ftp and/or your
service/support provider. The patch is number 1090 and will
install on IRIX 6.1 .
The SGI anonymous ftp site is sgigate.sgi.com (204.94.209.1). Patch
1090 can be found in the following directories on the ftp server:
~ftp/Security
or
~ftp/Patches/6.1
##### Checksums ####
The actual patch will be a tar file containing the following files:
Filename: README.patch.1090
Algorithm #1 (sum -r): 28420 8 README.patch.1090
Algorithm #2 (sum): 59862 8 README.patch.1090
MD5 checksum: 7CA042E478210D2E90A93F9B71D31455
Filename: patchSG0001090
Algorithm #1 (sum -r): 38512 1 patchSG0001090
Algorithm #2 (sum): 37227 1 patchSG0001090
MD5 checksum: 7A266E0BFCE18322F7034BB4520C6824
Filename: patchSG0001090.cadmin_sw
Algorithm #1 (sum -r): 45703 689 patchSG0001090.cadmin_sw
Algorithm #2 (sum): 29950 689 patchSG0001090.cadmin_sw
MD5 checksum: 9EB38D49CDDF439EE1110797FEC5BC6B
Filename: patchSG0001090.idb
Algorithm #1 (sum -r): 46990 1 patchSG0001090.idb
Algorithm #2 (sum): 40298 1 patchSG0001090.idb
MD5 checksum: 05E8F138BF0331BFEF8454074519F40A
- ------------------------
- --- Acknowledgments ---
- ------------------------
Silicon Graphics wishes to thank Kari E. Hurtta, FIRST members and
CERT organizations worldwide for their assistance in this matter.
- -----------------------------------------
- --- SGI Security Information/Contacts ---
- -----------------------------------------
Past SGI Advisories and security patches can be obtained via
anonymous FTP from sgigate.sgi.com or mirror site ftp.sgi.com .
These security patches and advisories are provided freely to
all interested parties. For issues with the patches on the
FTP sites, email can be sent to cse-security-alert@csd.sgi.com .
For assistance obtaining or working with security patches, please
contact your SGI support provider.
If there are questions about this document, email can be sent to
cse-security-alert@csd.sgi.com .
For reporting *NEW* SGI security issues, email can be sent to
security-alert@sgi.com or contacting your SGI support provider.
-----BEGIN PGP SIGNATURE-----
Version: 2.6
iQCVAwUBMOsB8rQ4cFApAP75AQFOlQP7Bgk7XFq+eXF9BxcaR2RBN1i7qJq/tVqh
eMoswM9E55sRKgQa0pzjnpXjTcr0lgBfnof+PvQ5zmDGK9f/AQ+RcjagHtm4+3rC
zvTzZd9epcAaLI5ylOx6AISWw9tBAwrL+FVtadQmvApEOW/9UcsyEedNO8gVI8hq
gAwBxwRhSIk=
=LA2k
-----END PGP SIGNATURE-----
[prev in list] [next in list] [prev in thread] [next in thread]
Configure |
About |
News |
Add a list |
Sponsored by KoreLogic