Nekochan Net

Official Chat Channel: #nekochan // irc.nekochan.net
It is currently Thu May 23, 2013 5:37 pm

View unanswered posts | View active topics View unread posts


Board index » SGI » SGI: Security

All times are UTC - 8 hours


Forum rules


Any posts concerning pirated software or offering to buy/sell/trade commercial software are subject to removal.



Post new topic Reply to topic  Page 1 of 1
  [ 13 posts ] 
  Print view Previous topic | First unread post | Next topic 
Author Message
squeen
 Post subject: Recent Alerts
Unread postPosted: Thu Jun 12, 2003 3:57 am 
Offline
Moderator
Moderator
User avatar

Joined: Fri May 09, 2003 5:10 am
Posts: 2930
Location: Maryland, USA
Here's a list of the most recent alerts I've recieved:

SGI specific:

Start at http://www.sgi.com/support/security/advisories.html for an SGI history of alerts and patches.

I don't see there yet:

MediaMail:
ftp://patches.sgi.com/support/free/security/advisories/20020602-01-I

WebAdmin:
ftp://patches.sgi.com/support/free/security/advisories/20030602-01-I

TCP stack (IRIX 6.5.16 and prior):
Quote:
Version Summary
-------------------------------------------------------------------------------------
SGI has released a security advisory that addresses the TCP stack broadcast connection vulnerability. Users are advised to upgrade to IRIX 6.5.17 or later.


Description
-------------------------------------------------------------------------------------
Several Unix applications do not properly reject TCP connection requests to IP broadcast addresses as stated in RFC1122. A Request for Comments (RFC) is a formal document from the Internet Engineering Task Force that becomes an approved standard.

RFC1122 states that "a TCP implementation must silently discard an incoming SYN segment that is addressed to a broadcast or multicast address." A vulnerability exists that causes the TCP stack implementation to fail to verify the destination IP address. The stack checks the link layer address only. This can allow a remote user to establish an unauthorized connection to a system.


UNIX/freeware (may be an IRIX issue, may not):
---------------------------------

MySQL: http://lists.mysql.com/cgi-ez/ezmlm-cgi?2:mss:159:200303:anlmcilggaommdkbcboe

glibc: (GNU C library)
http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000535

Samba:
http://us1.samba.org/samba/samba.html

Apache:
http://www.apache.org/dist/httpd/Announcement2.html
http://www.mandrakesecure.net/en/advisories/advisory.php?name=MDKSA-2003:050

mod_auth (sgi_apache?):
http://rhn.redhat.com/errata/RHSA-2003-114.html

OpenSSH/PAM: (3.6.1p1 and prior)
http://www.openssh.org/portable.html#mirrors
http://www.kb.cert.org/vuls/id/978316

BIND:
http://www.kb.cert.org/vuls/id/738331

sudo:
http://www.courtesan.com/pipermail/sudo-announce/2002-April/000020.html

Ethereal:
http://www.mandrakesecure.net/en/advisories/advisory.php?name=MDKSA-2003:050

Ghostscript::
http://www.ghostscript.com/pipermail/gs-cvs/2003-May/003276.html

Jave Runtime Environment (JRE):
http://sunsolve.sun.com/pub-cgi/retrieve.pl?doc=fsalert%2F55100&zone_32=category%3Asecurity

dvips (Latex print driver v1.0.7 and prior)
http://distro.conectiva.com/atualizacoes/?id=a&anuncio=000537

gzip:
http://www.debian.org/security/2003/dsa-308

I hope all the patsed links are good!
Top
 Profile  
 
squeen
 Post subject:
Unread postPosted: Mon Jun 16, 2003 3:17 am 
Offline
Moderator
Moderator
User avatar

Joined: Fri May 09, 2003 5:10 am
Posts: 2930
Location: Maryland, USA
Here's ome more recently:

SGI IRIX PIOCSWATCH ioctl Denial of Service Vulnerability (IRIX 6.5.20)

SGI has released a security advisory that will be available at the following FTP link: ["ftp://patches.sgi.com/support/free/security/advisories/20030603-01-P">20030603-01-P]
Top
 Profile  
 
semi-fly
 Post subject:
Unread postPosted: Mon Jun 16, 2003 5:49 am 
Offline
User avatar

Joined: Fri Feb 21, 2003 5:29 am
Posts: 786
Location: Ypsitucky, MI
gzip has a security flaw. heh.
http://www.debian.org/security/2003/dsa-308
Top
 Profile  
 
dexter1
 Post subject: mipspro
Unread postPosted: Thu Jun 19, 2003 1:40 am 
Offline
Moderator
Moderator
User avatar

Joined: Thu Feb 20, 2003 6:57 am
Posts: 2062
Location: Voorburg, The Netherlands
And now MIPSPro has a security flaw:

SGI Security Advisory

Title: MIPSPro Compiler Predictable Temp File vulnerability
Number: 20030605-01-A
Date: June 17, 2003
Reference: SGI BUG 792239
Reference: CVE CAN-2000-0578
Reference: BUGTRAQ ID# 1412 http://www.securityfocus.com/bid/1412

SGI acknowledges the compiler temporary file vulnerability reported by
Crimelabs: http://www.crimelabs.net/docs/irix-comp ... mpfile.txt and
is currently investigating.

This issue was assigned the following CVE:
http://cve.mitre.org/cgi-bin/cvename.cg ... -2000-0578

No further information is available at this time. As further information
becomes available, additional advisories will be issued.
Top
 Profile  
 
dexter1
 Post subject:
Unread postPosted: Thu Jun 19, 2003 12:52 pm 
Offline
Moderator
Moderator
User avatar

Joined: Thu Feb 20, 2003 6:57 am
Posts: 2062
Location: Voorburg, The Netherlands
Another one...

SGI Security Advisory

Title : Perl "Safe.pm" vulnerability
Number : 20030606-01-A
Date : June 17, 2003
Reference : SGI BUG 876818
Reference : CVE CAN-2002-1323
Reference : BUGTRAQ ID# 6111 http://www.securityfocus.com/bid/6111

SGI acknowledges the perl "Safe.pm" vulnerability reported by perl.org at:
http://use.perl.org/articles/02/10/06/1 ... html?tid=5 and is currently
investigating.

This issue was assigned the following CVE:
http://cve.mitre.org/cgi-bin/cvename.cg ... -2002-1323

No further information is available at this time. As further information
becomes available, additional advisories will be issued.
Top
 Profile  
 
semi-fly
 Post subject:
Unread postPosted: Thu Jun 19, 2003 12:56 pm 
Offline
User avatar

Joined: Fri Feb 21, 2003 5:29 am
Posts: 786
Location: Ypsitucky, MI
Hmm, I just talked with somone from the linuxbox (http://www.linuxbox.nu) the other day about security and perl modules.
Top
 Profile  
 
dexter1
 Post subject:
Unread postPosted: Tue Jun 24, 2003 11:56 pm 
Offline
Moderator
Moderator
User avatar

Joined: Thu Feb 20, 2003 6:57 am
Posts: 2062
Location: Voorburg, The Netherlands
Who! A very serious patch to some serious problems:


SGI Security Advisory

Title : Multiple IPv6-Induced Bugs & Vulnerabilities
Number : 20030607-01-P
Date : June 24, 2003

Reference : SGI BUGS 882266 880852 883371 879121 882124
883485 883748 884566 886352 886313
Fixed in : IRIX 6.5.21 or patch 5084

- -----------------------
- --- Issue Specifics ---
- -----------------------

It's been reported that there are several bugs in IRIX 6.5.19 that were
caused by the extensive changes to add IPv6 capability. Some of those
bugs have security implications:

o inetd can become hung when portscanned

o snoop now runs with a reduced capability set, so it doesn't handle
packets as a root user.

There are other bugs fixed by the patches referenced herein, but they are
not security-related:

o Flood ping no response interval too long

o inetd will not start when discard lines commented out of /etc/services

o ppp spins in tight loop and never starts when configured for "quiet"
mode

o Canonical name not shown in 'ping <ip_addr>' output

o rcp "Option f is not valid"
Top
 Profile  
 
squeen
 Post subject:
Unread postPosted: Wed Jun 25, 2003 4:11 am 
Offline
Moderator
Moderator
User avatar

Joined: Fri May 09, 2003 5:10 am
Posts: 2930
Location: Maryland, USA
I can't find patch 5084 on their web site...hmmm.
Top
 Profile  
 
dexter1
 Post subject:
Unread postPosted: Wed Jun 25, 2003 6:45 am 
Offline
Moderator
Moderator
User avatar

Joined: Thu Feb 20, 2003 6:57 am
Posts: 2062
Location: Voorburg, The Netherlands
it's on their ftp site:

wget ftp://patches.sgi.com/support/free/secu ... ch5084.tar

should do the trick..
Top
 Profile  
 
dexter1
 Post subject:
Unread postPosted: Fri Jul 18, 2003 3:36 am 
Offline
Moderator
Moderator
User avatar

Joined: Thu Feb 20, 2003 6:57 am
Posts: 2062
Location: Voorburg, The Netherlands
This is a local login vulnerability just posted on bugtraq:

SGI Security Advisory

Title : Login Vulnerabilities
Number : 20030702-01-P
Date : July 16, 2003
Reference: CVE CAN-2003-0574
Reference: SGI BUGS 850587 889119
Fixed in : IRIX 6.5.21 or patch 5182

It's been reported that logging into an IRIX 6.5 machine while particular
environment variables are set can lead to /usr/lib/iaf/scheme (login)
dumping core. Since "scheme" is suid root, this could potentially lead to a
root compromise. A local account would be required to exploit any such
vulnerability.

This issue was assigned the following CVE:
http://cve.mitre.org/cgi-bin/cvename.cg ... -2003-0574

Please note that this is not the same issue as reported in
CERT advisory CA-2001-34 or CERT advisory CA-1997-21 (CVE-1999-0028).
Top
 Profile  
 
dexter1
 Post subject:
Unread postPosted: Fri Jul 18, 2003 3:54 am 
Offline
Moderator
Moderator
User avatar

Joined: Thu Feb 20, 2003 6:57 am
Posts: 2062
Location: Voorburg, The Netherlands
... and this is one for nsd daemon:

SGI Security Advisory

Title : Multiple Vulnerabilities in Name Service Daemon (nsd)
Number : 20030701-01-P
Date : July 16, 2003
Reference: CVE CAN-2003-0176, CAN-2003-0177, CAN-2003-0572, CAN-2003-0573
Reference: SGI BUGS 844401, 866833, 862096, 849491
Fixed in : IRIX 6.5.21 or patches 5123 through 5133 and 5156

It's been reported that there are several vulnerabilities in the IRIX Name
Service Daemon (nsd):

o nsd on NIS master can die while being UDP portscanned (BUG 844401)
http://cve.mitre.org/cgi-bin/cvename.cg ... -2003-0176

o /etc/group doesn't honor "-" (minus) entries (BUG 849491)
http://cve.mitre.org/cgi-bin/cvename.cg ... -2003-0177

o nsd dynamic maps can be made to consume all memory (BUG 866833)
http://cve.mitre.org/cgi-bin/cvename.cg ... -2003-0572

o nsd DNS callbacks don't do enough sanity checking (BUG 862096)
http://cve.mitre.org/cgi-bin/cvename.cg ... -2003-0573

SGI has investigated the issues and recommends the following steps for
neutralizing the exposure. It is HIGHLY RECOMMENDED that these measures be
implemented on ALL vulnerable SGI systems.

These issues have been corrected in patches and in future releases of IRIX.

SGI has provided a series of patches for these vulnerabilities. Our
recommendation is to upgrade to IRIX 6.5.21 when available, or install
the appropriate patch.
Code:
   OS Version     Vulnerable?     Patch #      Other Actions
   ----------     -----------     -------      -------------
   IRIX 3.x        unknown                     Note 1
   IRIX 4.x        unknown                     Note 1
   IRIX 5.x        unknown                     Note 1
   IRIX 6.0.x      unknown                     Note 1
   IRIX 6.1        unknown                     Note 1
   IRIX 6.2        unknown                     Note 1
   IRIX 6.3        unknown                     Note 1
   IRIX 6.4        unknown                     Note 1
   IRIX 6.5          yes                       Notes 2 & 3
   IRIX 6.5.1        yes                       Notes 2 & 3
   IRIX 6.5.2        yes                       Notes 2 & 3
   IRIX 6.5.3        yes                       Notes 2 & 3
   IRIX 6.5.4        yes                       Notes 2 & 3
   IRIX 6.5.5        yes                       Notes 2 & 3
   IRIX 6.5.6        yes                       Notes 2 & 3
   IRIX 6.5.7        yes                       Notes 2 & 3
   IRIX 6.5.8        yes                       Notes 2 & 3
   IRIX 6.5.9        yes                       Notes 2 & 3
   IRIX 6.5.10       yes                       Notes 2 & 3
   IRIX 6.5.11       yes                       Notes 2 & 3
   IRIX 6.5.12       yes                       Notes 2 & 3
   IRIX 6.5.13       yes                       Notes 2 & 3
   IRIX 6.5.14       yes                       Notes 2 & 3
   IRIX 6.5.15m      yes           5123        Notes 2 & 4
   IRIX 6.5.15f      yes           5124        Notes 2 & 4
   IRIX 6.5.16m      yes           5125        Notes 2 & 4
   IRIX 6.5.16f      yes           5126        Notes 2 & 4
   IRIX 6.5.17m      yes           5127        Notes 2 & 4
   IRIX 6.5.17f      yes           5128        Notes 2 & 4
   IRIX 6.5.18m      yes           5129        Notes 2 & 4
   IRIX 6.5.18f      yes           5130        Notes 2 & 4
   IRIX 6.5.19m      yes           5131        Notes 2 & 4
   IRIX 6.5.19f      yes           5132        Notes 2 & 4
   IRIX 6.5.20m      yes           5133        Notes 2 & 4
   IRIX 6.5.20f      yes           5156        Notes 2 & 4
   IRIX 6.5.21        no




So y'all got something to do this weekend :)
Top
 Profile  
 
squeen
Unread postPosted: Mon Aug 04, 2003 5:22 am 
Offline
Moderator
Moderator
User avatar

Joined: Fri May 09, 2003 5:10 am
Posts: 2930
Location: Maryland, USA
This one seems to be new:


ftp://patches.sgi.com/support/free/secu ... 0704-01-P/

Code:
It's been reported that the IRIX name services daemon "nsd" can be exploited
in various ways through the AUTH_UNIX gid list.  This could result in an
attacker gaining root access.

   OS Version     Vulnerable?     Patch #      Other Actions
   ----------     -----------     -------      -------------   
   IRIX 3.x        unknown                     Note 1
   IRIX 4.x        unknown                     Note 1
   IRIX 5.x        unknown                     Note 1
   IRIX 6.0.x      unknown                     Note 1         
   IRIX 6.1        unknown                     Note 1         
   IRIX 6.2        unknown                     Note 1
   IRIX 6.3        unknown                     Note 1
   IRIX 6.4        unknown                     Note 1
   IRIX 6.5          yes                       Notes 2 & 3
   IRIX 6.5.1        yes                       Notes 2 & 3
   IRIX 6.5.2        yes                       Notes 2 & 3
   IRIX 6.5.3        yes                       Notes 2 & 3
   IRIX 6.5.4        yes                       Notes 2 & 3
   IRIX 6.5.5        yes                       Notes 2 & 3
   IRIX 6.5.6        yes                       Notes 2 & 3
   IRIX 6.5.7        yes                       Notes 2 & 3
   IRIX 6.5.8        yes                       Notes 2 & 3
   IRIX 6.5.9        yes                       Notes 2 & 3
   IRIX 6.5.10       yes                       Notes 2 & 3
   IRIX 6.5.11       yes                       Notes 2 & 3
   IRIX 6.5.12       yes                       Notes 2 & 3
   IRIX 6.5.13       yes                       Notes 2 & 3
   IRIX 6.5.14       yes                       Notes 2 & 3
   IRIX 6.5.15       yes                       Notes 2 & 3
   IRIX 6.5.16       yes                       Notes 2 & 3
   IRIX 6.5.17m      yes            5189       Notes 2 & 4
   IRIX 6.5.17f      yes            5190       Notes 2 & 4
   IRIX 6.5.18m      yes            5191       Notes 2 & 4
   IRIX 6.5.18f      yes            5192       Notes 2 & 4
   IRIX 6.5.19m      yes            5193       Notes 2 & 4
   IRIX 6.5.19f      yes            5194       Notes 2 & 4
   IRIX 6.5.20m      yes            5195       Notes 2 & 4
   IRIX 6.5.20f      yes            5196       Notes 2 & 4
   IRIX 6.5.21m      yes            5197       Notes 2 & 4
   IRIX 6.5.21f      yes            5197       Notes 2 & 4[
Top
 Profile  
 
squeen
Unread postPosted: Mon Aug 04, 2003 5:54 am 
Offline
Moderator
Moderator
User avatar

Joined: Fri May 09, 2003 5:10 am
Posts: 2930
Location: Maryland, USA
And another that affects sgi_apache bundled with IRIX up to 6.5.20.


Quote:
Apache HTTP Server versions prior to 1.3.28 contain several vulnerabilities that may allow a remote attacker to either create a denial of service (DoS) on the Apache server or exploit file descriptor information.

The first vulnerability results from the improper handling of special control characters that are received by the rotatelogs program over pipes. If a special character is sent to that program, the program may stop logging and then exit.

The second vulnerability involves a DoS on the server that results from multiple internal redirects and nested subrequests. This results in an infinite loop and causes the server to hang or crash.

The third vulnerability results from file descriptor
leaks to child processes. This vulnerability could be exploited to gain information about any processes that are running.

Updates are available.
Top
 Profile  
 
Display posts from previous:  Sort by  
Post new topic Reply to topic  Page 1 of 1
  [ 13 posts ] 

Board index » SGI » SGI: Security

All times are UTC - 8 hours


Who is online

Users browsing this forum: No registered users and 1 guest

You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot post attachments in this forum

Search for:
Jump to:  
Powered by phpBB® Forum Software © phpBB Group