Vulnerabilities in gr_osview


by smharr4 » Fri Apr 08, 2005 3:56 pm

I saw these two rather nasty vulnerabilities in my mailbox today:

http://www.idefense.com/application/poi/display?id=225 and
http://www.idefense.com/application/poi/display?id=226

Luckily, patches seem to be available:

ftp://patches.sgi.com/support/free/secu ... 2-01-P.asc

Looks like I know what I'm doing this weekend...


by Hakimoto » Sat Apr 09, 2005 5:15 am

Good to know sgi has made a patch available already. I use gr_osview heavily and wouldn't want any bad surprises.
The Bandito wrote: In a few years, no doubt, you'll be able to buy a computer,
software and operating system that will match the capabilities
of your current Amiga at about the price you paid for the
Amiga way back when. But you can smile to yourself, knowing
that you were touching the future years before the rest of
the world. And that other computers and operating systems
will do with brute force what the Amiga did years before with
grace, elegance and style.


Eroteme.ch - my end of the internet...


by nekonoko » Sat Apr 09, 2005 5:18 am

Hakimoto wrote: Good to know sgi has made a patch available already. I use gr_osview heavily and wouldn't want any bad surprises.


It's a local exploit, meaning that it's really only an issue if you give untrusted users accounts on your system - probably not that likely in a private setting :)

For an ISP or university which offers shell access on an IRIX box this would definitely be something you'd want to patch right away.
Twitter: @neko_no_ko
IRIX Release 4.0.5 IP12 Version 06151813 System V
Copyright 1987-1992 Silicon Graphics, Inc.
All Rights Reserved.


by Hakimoto » Sat Apr 09, 2005 6:59 am

Patched it nonetheless and did a chmod on the file on my girlie's Indy, since that one is running .22 and the patch is .23 upwards.

Yeah, it's a local exploit all right, but then again, better secure than sorry one day.