IRIX patch 5424 (20040104-01:Userland binary vulnerability)

Post by shumiyao » Sat Jan 31, 2004 5:10 pm

Hello to all,

SGI recently released a security patch for IRIX versions from 6.5.18m to 6.5.22.

http://www.securityfocus.com/archive/1/ ... 04-02-02/0

-----------------------
--- Issue Specifics ---
-----------------------

It has been reported through various channels that there are several
vulnerabilities affecting applications on IRIX.

* html2ps vulnerability (SGI BUG 871671)
- http://www.suse.com/de/security/2002_04 ... ml2ps.html

* Safe.pm security hole (SGI BUG 876818)
- http://use.perl.org/articles/02/10/06/1 ... html?tid=5

* gzexe and gznew predictable tmp files (SGI BUG 892846)
- http://www.debian.org/security/2003/dsa-308

* libdesktopicon.so buffer overflow (SGI BUG 902169)
- http://www.lsd-pl.net/

* gr_osview buffer overflow (SGI BUG 902173)
- http://www.lsd-pl.net/

SGI has investigated the issue and recommends the following steps for neutralizing the exposure. It is HIGHLY RECOMMENDED that these measures be implemented on ALL vulnerable SGI systems. This issue has been corrected in future releases of IRIX.


BTW, is there anyone who got a problem after installing this patch?

Post by ShadeOfBlue » Sun Feb 01, 2004 2:24 am

This patch is known to cause problems with the X server (or maybe 4Dwm, can't remember...).
SGI says that a fix is on the way, so a replacement patch should be available soon.

Post by shumiyao » Sun Feb 01, 2004 2:38 am

Thank you, ShadeOfBlue.

I was wondering if this caused gr_osview to stop working with an error saying "cannot map libGLFM.so". I will wait and see if this will be fixed.

Post by coredog64 » Sun Feb 01, 2004 11:51 pm

> I was wondering if this caused gr_osview to stop working with error

That's SGI's easy fix -- can't cause a buffer overflow in a program that isn't running :wink:

Post by ShadeOfBlue » Thu Feb 05, 2004 10:37 pm

It seems they fixed it...

The original patch 5424 had two library mismatches causing 4Dwm to hang
with rld errors appearing in SYSLOG and problems with gr_osview. New patches
5473 and 5474 have been released to fix these issues. (SGI BUG 908652)

Post by shumiyao » Fri Feb 06, 2004 6:31 am

I received a notification from SGI today.

Patches: IRIX Patch 5474: Fixes for IRIX command and library vulnerabilities

This item is related to the following Operating System versions:
6.5.21f, 6.5.21m, 6.5.22

View it here: http://support.sgi.com/content_request/ ... index.html


Patches: IRIX Patch 5473: Fixes for IRIX command and library vulnerabilities

This item is related to the following Operating System versions:
6.5.18f, 6.5.18m, 6.5.19f, 6.5.19m, 6.5.20f, 6.5.20m

View it here: http://support.sgi.com/content_request/ ... index.html


Update: gr_osview is working again!

