SGI acknowledges the network device driver vulnerability reported by AtStake
and is currently investigating:http://www.atstake.com/research/advisor ... report.pdfhttp://www.kb.cert.org/vuls/id/412115 http://cve.mitre.org/cgi-bin/cvename.cg ... -2003-0001
Our initial investigation shows that our egXX and tgXX gigabit cards and
efXX interfaces in Origins and Octanes don't appear to be vulnerable.
No further information is available at this time. As further information
becomes available, additional advisories will be issued.
For the protection of all our customers, SGI does not disclose, discuss or
confirm vulnerabilities until a full investigation has occurred and any
necessary patch(es) or release streams are available for all vulnerable and
supported Linux and IRIX operating systems.
Until SGI has more definitive information to provide, customers are
encouraged to assume all security vulnerabilities as exploitable and take
appropriate steps according to local site security policies and
As further information becomes available, additional advisories will be
issued via the normal SGI security information distribution methods
including the wiretap mailing list.