ESP and W32/Sasser-A worm

Open forum for security issues and info.
Forum rules
Any posts concerning pirated software or offering to buy/sell/trade commercial software are subject to removal.
User avatar
squeen
Moderator
Moderator
Posts: 2932
Joined: Fri May 09, 2003 6:10 am
Location: Maryland, USA

ESP and W32/Sasser-A worm

Unread postby squeen » Wed May 05, 2004 5:20 am

Not really an IRIX security problem, but it might help to know:



Description
- -------------------------------------------------------------------------------------
SGI has released an advisory indicating that the W32/Sasser-A worm described in TruSecure Alert 7608 propagates over the same port (5554/tcp) used by the SGI Embedded Support Partner (ESP). The ESP web server is enabled by default on systems running SGI IRIX. As a result, virus detection applications that scan for infections based on port activity may report an infection on IRIX systems running ESP.

Impact
- -------------------------------------------------------------------------------------
This issue could cause virus detection software and port scanners to incorrectly determine that SGI IRIX systems running ESP are infected by W32/Sasser-A or its variants.

Patches/Software
- -------------------------------------------------------------------------------------
SGI has released a security advisory at the following FTP link: 20040501-01-I["ftp://patches.sgi.com/support/free/security/advisories/20040501-01-I.asc"]

User avatar
Hakimoto
Moderator
Moderator
Posts: 2483
Joined: Sun Mar 30, 2003 4:29 am
Location: Kabul, Afghanistan, Asia
Contact:

Unread postby Hakimoto » Wed May 05, 2004 2:12 pm

Thanks for the info, squeen, for me this is important. It's much appreciated.


Return to “SGI: Security”

Who is online

Users browsing this forum: No registered users and 1 guest