Recent Alerts

squeen
Moderator
Posts: 2932
Joined: Fri May 09, 2003 6:10 am
Location: Maryland, USA

Recent Alerts

Unread postby squeen » Thu Jun 12, 2003 4:57 am

Here's a list of the most recent alerts I've received:

SGI specific:

Start at http://www.sgi.com/support/security/advisories.html for an SGI history of alerts and patches.

I don't see there yet:

MediaMail:
ftp://patches.sgi.com/support/free/security/advisories/20020602-01-I

WebAdmin:
ftp://patches.sgi.com/support/free/security/advisories/20030602-01-I

TCP stack (IRIX 6.5.16 and prior):
Version Summary
-------------------------------------------------------------------------------------
SGI has released a security advisory that addresses the TCP stack broadcast connection vulnerability. Users are advised to upgrade to IRIX 6.5.17 or later.


Description
-------------------------------------------------------------------------------------
Several Unix applications do not properly reject TCP connection requests to IP broadcast addresses as stated in RFC1122. A Request for Comments (RFC) is a formal document from the Internet Engineering Task Force that becomes an approved standard.

RFC1122 states that "a TCP implementation must silently discard an incoming SYN segment that is addressed to a broadcast or multicast address." A vulnerability exists that causes the TCP stack implementation to fail to verify the destination IP address. The stack checks the link layer address only. This can allow a remote user to establish an unauthorized connection to a system.


UNIX/freeware (may be an IRIX issue, may not):
---------------------------------

MySQL: http://lists.mysql.com/cgi-ez/ezmlm-cgi?2:mss:159:200303:anlmcilggaommdkbcboe

glibc: (GNU C library)
http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000535

Samba:
http://us1.samba.org/samba/samba.html

Apache:
http://www.apache.org/dist/httpd/Announcement2.html
http://www.mandrakesecure.net/en/advisories/advisory.php?name=MDKSA-2003:050

mod_auth (sgi_apache?):
http://rhn.redhat.com/errata/RHSA-2003-114.html

OpenSSH/PAM: (3.6.1p1 and prior)
http://www.openssh.org/portable.html#mirrors
http://www.kb.cert.org/vuls/id/978316

BIND:
http://www.kb.cert.org/vuls/id/738331

sudo:
http://www.courtesan.com/pipermail/sudo-announce/2002-April/000020.html

Ethereal:
http://www.mandrakesecure.net/en/advisories/advisory.php?name=MDKSA-2003:050

Ghostscript:
http://www.ghostscript.com/pipermail/gs-cvs/2003-May/003276.html

Java Runtime Environment (JRE):
http://sunsolve.sun.com/pub-cgi/retrieve.pl?doc=fsalert%2F55100&zone_32=category%3Asecurity

dvips (LaTeX print driver v1.0.7 and prior):
http://distro.conectiva.com/atualizacoes/?id=a&anuncio=000537

gzip:
http://www.debian.org/security/2003/dsa-308

I hope all the pasted links are good!
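
The RFC 1122 check described in the TCP stack item of the post above, as an added example that is not part of the original post or of SGI's code: it classifies an incoming SYN by its IP destination alone, which is the verification the advisory says was missing. The `iface` struct, `classify_syn_dst` and the sample addresses are hypothetical names and constructed values.

```c
#include <stdint.h>
#include <stdio.h>

/* IPv4 addresses in host byte order. */
#define IP4(a, b, c, d) (((uint32_t)(a) << 24) | ((uint32_t)(b) << 16) | \
                         ((uint32_t)(c) << 8) | (uint32_t)(d))

/* Hypothetical description of the receiving interface. */
struct iface {
    uint32_t addr;     /* interface unicast address */
    uint32_t netmask;  /* e.g. 255.255.255.0 */
};

enum syn_verdict { SYN_ACCEPT, SYN_DROP_BROADCAST, SYN_DROP_MULTICAST, SYN_DROP_NOT_LOCAL };

/* Classify an incoming SYN by its IP destination only. The link-layer
 * destination is deliberately not an input: a frame addressed to the host's
 * unicast MAC can still carry a broadcast or multicast IP destination. */
enum syn_verdict classify_syn_dst(const struct iface *ifp, uint32_t dst)
{
    uint32_t hostbits = ~ifp->netmask;

    if ((dst & 0xF0000000u) == 0xE0000000u)   /* 224.0.0.0/4 multicast */
        return SYN_DROP_MULTICAST;
    if (dst == 0xFFFFFFFFu)                   /* limited broadcast */
        return SYN_DROP_BROADCAST;
    /* /31 and /32 interfaces have no subnet broadcast address. */
    if (hostbits > 1 && (dst & ifp->netmask) == (ifp->addr & ifp->netmask)) {
        uint32_t host = dst & hostbits;
        if (host == hostbits || host == 0)    /* all-ones or old all-zeros form */
            return SYN_DROP_BROADCAST;
    }
    return dst == ifp->addr ? SYN_ACCEPT : SYN_DROP_NOT_LOCAL;
}

int main(void)
{
    /* Constructed sample interface and destinations. */
    struct iface ifc = { IP4(192, 168, 1, 10), IP4(255, 255, 255, 0) };
    uint32_t dsts[] = { IP4(192, 168, 1, 10), IP4(192, 168, 1, 255),
                        IP4(255, 255, 255, 255), IP4(224, 0, 0, 1) };
    for (unsigned i = 0; i < sizeof dsts / sizeof dsts[0]; i++)
        printf("%08x -> verdict %d\n", (unsigned)dsts[i], (int)classify_syn_dst(&ifc, dsts[i]));
    return 0;
}
```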


Unread postby squeen » Mon Jun 16, 2003 4:17 am

Here's some more recently:

SGI IRIX PIOCSWATCH ioctl Denial of Service Vulnerability (IRIX 6.5.20)

SGI has released a security advisory that will be available at the following FTP link: ftp://patches.sgi.com/support/free/security/advisories/20030603-01-P

semi-fly
Posts: 786
Joined: Fri Feb 21, 2003 5:29 am
Location: Ypsitucky, MI

Unread postby semi-fly » Mon Jun 16, 2003 6:49 am

gzip has a security flaw. heh.
http://www.debian.org/security/2003/dsa-308

dexter1
Moderator
Posts: 2062
Joined: Thu Feb 20, 2003 6:57 am
Location: Voorburg, The Netherlands

mipspro

Unread postby dexter1 » Thu Jun 19, 2003 2:40 am

And now MIPSPro has a security flaw:

SGI Security Advisory

Title: MIPSPro Compiler Predictable Temp File vulnerability
Number: 20030605-01-A
Date: June 17, 2003
Reference: SGI BUG 792239
Reference: CVE CAN-2000-0578
Reference: BUGTRAQ ID# 1412 http://www.securityfocus.com/bid/1412

SGI acknowledges the compiler temporary file vulnerability reported by
Crimelabs: http://www.crimelabs.net/docs/irix-comp ... mpfile.txt and
is currently investigating.

This issue was assigned the following CVE:
http://cve.mitre.org/cgi-bin/cvename.cg ... -2000-0578

No further information is available at this time. As further information
becomes available, additional advisories will be issued.


Unread postby dexter1 » Thu Jun 19, 2003 1:52 pm

Another one...

SGI Security Advisory

Title : Perl "Safe.pm" vulnerability
Number : 20030606-01-A
Date : June 17, 2003
Reference : SGI BUG 876818
Reference : CVE CAN-2002-1323
Reference : BUGTRAQ ID# 6111 http://www.securityfocus.com/bid/6111

SGI acknowledges the perl "Safe.pm" vulnerability reported by perl.org at:
http://use.perl.org/articles/02/10/06/1 ... html?tid=5 and is currently
investigating.

This issue was assigned the following CVE:
http://cve.mitre.org/cgi-bin/cvename.cg ... -2002-1323

No further information is available at this time. As further information
becomes available, additional advisories will be issued.


Unread postby semi-fly » Thu Jun 19, 2003 1:56 pm

Hmm, I just talked with someone from the linuxbox (http://www.linuxbox.nu) the other day about security and perl modules.


Unread postby dexter1 » Wed Jun 25, 2003 12:56 am

Whoa! A very serious patch to some serious problems:


SGI Security Advisory

Title : Multiple IPv6-Induced Bugs & Vulnerabilities
Number : 20030607-01-P
Date : June 24, 2003

Reference : SGI BUGS 882266 880852 883371 879121 882124
883485 883748 884566 886352 886313
Fixed in : IRIX 6.5.21 or patch 5084

-----------------------
--- Issue Specifics ---
-----------------------

It's been reported that there are several bugs in IRIX 6.5.19 that were
caused by the extensive changes to add IPv6 capability. Some of those
bugs have security implications:

o inetd can become hung when portscanned

o snoop now runs with a reduced capability set, so it doesn't handle
packets as a root user.

There are other bugs fixed by the patches referenced herein, but they are
not security-related:

o Flood ping no response interval too long

o inetd will not start when discard lines commented out of /etc/services

o ppp spins in tight loop and never starts when configured for "quiet"
mode

o Canonical name not shown in 'ping <ip_addr>' output

o rcp "Option f is not valid"


Unread postby squeen » Wed Jun 25, 2003 5:11 am

I can't find patch 5084 on their web site...hmmm.


Unread postby dexter1 » Wed Jun 25, 2003 7:45 am

it's on their ftp site:

wget ftp://patches.sgi.com/support/free/secu ... ch5084.tar

should do the trick..


Unread postby dexter1 » Fri Jul 18, 2003 4:36 am

This is a local login vulnerability just posted on bugtraq:

SGI Security Advisory

Title : Login Vulnerabilities
Number : 20030702-01-P
Date : July 16, 2003
Reference: CVE CAN-2003-0574
Reference: SGI BUGS 850587 889119
Fixed in : IRIX 6.5.21 or patch 5182

It's been reported that logging into an IRIX 6.5 machine while particular
environment variables are set can lead to /usr/lib/iaf/scheme (login)
dumping core. Since "scheme" is suid root, this could potentially lead to a
root compromise. A local account would be required to exploit any such
vulnerability.

This issue was assigned the following CVE:
http://cve.mitre.org/cgi-bin/cvename.cg ... -2003-0574

Please note that this is not the same issue as reported in
CERT advisory CA-2001-34 or CERT advisory CA-1997-21 (CVE-1999-0028).


Unread postby dexter1 » Fri Jul 18, 2003 4:54 am

... and this is one for nsd daemon:

SGI Security Advisory

Title : Multiple Vulnerabilities in Name Service Daemon (nsd)
Number : 20030701-01-P
Date : July 16, 2003
Reference: CVE CAN-2003-0176, CAN-2003-0177, CAN-2003-0572, CAN-2003-0573
Reference: SGI BUGS 844401, 866833, 862096, 849491
Fixed in : IRIX 6.5.21 or patches 5123 through 5133 and 5156

It's been reported that there are several vulnerabilities in the IRIX Name
Service Daemon (nsd):

o nsd on NIS master can die while being UDP portscanned (BUG 844401)
http://cve.mitre.org/cgi-bin/cvename.cg ... -2003-0176

o /etc/group doesn't honor "-" (minus) entries (BUG 849491)
http://cve.mitre.org/cgi-bin/cvename.cg ... -2003-0177

o nsd dynamic maps can be made to consume all memory (BUG 866833)
http://cve.mitre.org/cgi-bin/cvename.cg ... -2003-0572

o nsd DNS callbacks don't do enough sanity checking (BUG 862096)
http://cve.mitre.org/cgi-bin/cvename.cg ... -2003-0573

SGI has investigated the issues and recommends the following steps for
neutralizing the exposure. It is HIGHLY RECOMMENDED that these measures be
implemented on ALL vulnerable SGI systems.

These issues have been corrected in patches and in future releases of IRIX.

SGI has provided a series of patches for these vulnerabilities. Our
recommendation is to upgrade to IRIX 6.5.21 when available, or install
the appropriate patch.

   OS Version     Vulnerable?     Patch #      Other Actions
   ----------     -----------     -------      -------------
   IRIX 3.x        unknown                     Note 1
   IRIX 4.x        unknown                     Note 1
   IRIX 5.x        unknown                     Note 1
   IRIX 6.0.x      unknown                     Note 1
   IRIX 6.1        unknown                     Note 1
   IRIX 6.2        unknown                     Note 1
   IRIX 6.3        unknown                     Note 1
   IRIX 6.4        unknown                     Note 1
   IRIX 6.5          yes                       Notes 2 & 3
   IRIX 6.5.1        yes                       Notes 2 & 3
   IRIX 6.5.2        yes                       Notes 2 & 3
   IRIX 6.5.3        yes                       Notes 2 & 3
   IRIX 6.5.4        yes                       Notes 2 & 3
   IRIX 6.5.5        yes                       Notes 2 & 3
   IRIX 6.5.6        yes                       Notes 2 & 3
   IRIX 6.5.7        yes                       Notes 2 & 3
   IRIX 6.5.8        yes                       Notes 2 & 3
   IRIX 6.5.9        yes                       Notes 2 & 3
   IRIX 6.5.10       yes                       Notes 2 & 3
   IRIX 6.5.11       yes                       Notes 2 & 3
   IRIX 6.5.12       yes                       Notes 2 & 3
   IRIX 6.5.13       yes                       Notes 2 & 3
   IRIX 6.5.14       yes                       Notes 2 & 3
   IRIX 6.5.15m      yes           5123        Notes 2 & 4
   IRIX 6.5.15f      yes           5124        Notes 2 & 4
   IRIX 6.5.16m      yes           5125        Notes 2 & 4
   IRIX 6.5.16f      yes           5126        Notes 2 & 4
   IRIX 6.5.17m      yes           5127        Notes 2 & 4
   IRIX 6.5.17f      yes           5128        Notes 2 & 4
   IRIX 6.5.18m      yes           5129        Notes 2 & 4
   IRIX 6.5.18f      yes           5130        Notes 2 & 4
   IRIX 6.5.19m      yes           5131        Notes 2 & 4
   IRIX 6.5.19f      yes           5132        Notes 2 & 4
   IRIX 6.5.20m      yes           5133        Notes 2 & 4
   IRIX 6.5.20f      yes           5156        Notes 2 & 4
   IRIX 6.5.21        no




So y'all got something to do this weekend :)


IRIX nsd AUTH_UNIX gid List Vulnerability

Unread postby squeen » Mon Aug 04, 2003 6:22 am

This one seems to be new:


ftp://patches.sgi.com/support/free/secu ... 0704-01-P/

It's been reported that the IRIX name services daemon "nsd" can be exploited
in various ways through the AUTH_UNIX gid list.  This could result in an
attacker gaining root access.

   OS Version     Vulnerable?     Patch #      Other Actions
   ----------     -----------     -------      -------------   
   IRIX 3.x        unknown                     Note 1
   IRIX 4.x        unknown                     Note 1
   IRIX 5.x        unknown                     Note 1
   IRIX 6.0.x      unknown                     Note 1         
   IRIX 6.1        unknown                     Note 1         
   IRIX 6.2        unknown                     Note 1
   IRIX 6.3        unknown                     Note 1
   IRIX 6.4        unknown                     Note 1
   IRIX 6.5          yes                       Notes 2 & 3
   IRIX 6.5.1        yes                       Notes 2 & 3
   IRIX 6.5.2        yes                       Notes 2 & 3
   IRIX 6.5.3        yes                       Notes 2 & 3
   IRIX 6.5.4        yes                       Notes 2 & 3
   IRIX 6.5.5        yes                       Notes 2 & 3
   IRIX 6.5.6        yes                       Notes 2 & 3
   IRIX 6.5.7        yes                       Notes 2 & 3
   IRIX 6.5.8        yes                       Notes 2 & 3
   IRIX 6.5.9        yes                       Notes 2 & 3
   IRIX 6.5.10       yes                       Notes 2 & 3
   IRIX 6.5.11       yes                       Notes 2 & 3
   IRIX 6.5.12       yes                       Notes 2 & 3
   IRIX 6.5.13       yes                       Notes 2 & 3
   IRIX 6.5.14       yes                       Notes 2 & 3
   IRIX 6.5.15       yes                       Notes 2 & 3
   IRIX 6.5.16       yes                       Notes 2 & 3
   IRIX 6.5.17m      yes            5189       Notes 2 & 4
   IRIX 6.5.17f      yes            5190       Notes 2 & 4
   IRIX 6.5.18m      yes            5191       Notes 2 & 4
   IRIX 6.5.18f      yes            5192       Notes 2 & 4
   IRIX 6.5.19m      yes            5193       Notes 2 & 4
   IRIX 6.5.19f      yes            5194       Notes 2 & 4
   IRIX 6.5.20m      yes            5195       Notes 2 & 4
   IRIX 6.5.20f      yes            5196       Notes 2 & 4
   IRIX 6.5.21m      yes            5197       Notes 2 & 4
   IRIX 6.5.21f      yes            5197       Notes 2 & 4



Apache HTTP Server 1.3 Multiple Vulnerabilities

Unread postby squeen » Mon Aug 04, 2003 6:54 am

And another that affects sgi_apache bundled with IRIX up to 6.5.20.


Apache HTTP Server versions prior to 1.3.28 contain several vulnerabilities that may allow a remote attacker to either create a denial of service (DoS) on the Apache server or exploit file descriptor information.

The first vulnerability results from the improper handling of special control characters that are received by the rotatelogs program over pipes. If a special character is sent to that program, the program may stop logging and then exit.

The second vulnerability involves a DoS on the server that results from multiple internal redirects and nested subrequests. This results in an infinite loop and causes the server to hang or crash.

The third vulnerability results from file descriptor leaks to child processes. This vulnerability could be exploited to gain information about any processes that are running.

Updates are available.

