Nekochan Net

Posted: Tue Jun 15, 2004 1:22 am
Code:
-----BEGIN PGP SIGNED MESSAGE-----

______________________________________________________________________________

                          SGI Security Advisory

   Title:      syssgi system call vulnerability and other security fixes
   Number:     20040601-01-P
   Date:       June 14, 2004
   Reference:  SGI BUG 914420, CVE CAN-2004-0135
   Reference:  SGI BUG 912601, CVE CAN-2004-0136
   Reference:  SGI BUG 907407, CVE CAN-2004-0137
   Fixed in:   Patches 5625 5548 5538 5627 5549 5628 5621 5550 5620
   Fixed in:   Patches 5622 5551 5613 5630 5619 5553 5624 5593
______________________________________________________________________________

SGI provides this information freely to the SGI user community for its
consideration, interpretation, implementation and use.   SGI recommends
that this information be acted upon as soon as possible.

SGI provides the information in this Security Advisory on an "AS-IS"
basis only, and disclaims all warranties with respect thereto, express,
implied or otherwise, including, without limitation, any warranty of
merchantability or fitness for a particular purpose.  In no event shall
SGI be liable for any loss of profits, loss of business, loss of data or
for any indirect, special, exemplary, incidental or consequential damages
of any kind arising from your use of, failure to use or improper use of
any of the instructions or information in this Security Advisory.
_____________________________________________________________________________

- -----------------------
- --- Issue Specifics ---
- -----------------------

Adam Gowdiak from the Poznan Supercomputing and Networking Center
has reported that under certain conditions non privileged users
can use the syssgi system call SGI_IOPROBE to read and write kernel memory
which can be used to obtain root user privileges.

SGI has assigned the following Common Vulnerabilities and Exposures
(cve.mitre.org) name to the syssgi SGI_IOPROBE vulnerability:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0135

Two local DoS fixes are also addressed in these patches:
* 912601: corrupted binary can crash the system in mapelf32exec()
  http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0136

* 907407: init can panic due to page invalidation issues
  http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0137

SGI has investigated the issue and recommends the following steps for
resolving this issue.  It is HIGHLY RECOMMENDED that these measures
be implemented on ALL vulnerable SGI systems.  This issue has been
corrected in future releases of IRIX.


- --------------
- --- Impact ---
- --------------

To determine the version of IRIX you are running, execute the following
command:

  # /bin/uname -R

That will return a result similar to the following:

  # 6.5 6.5.21f

The first number ("6.5") is the release name, the second ("6.5.21f" in
this case) is the extended release name.  The extended release name
is the "version" we refer to throughout this document.


- ----------------
- --- Solution ---
- ----------------

SGI has provided a series of patches for these vulnerabilities.
Our recommendation is to upgrade to IRIX 6.5.25, or install the
appropriate patches.

OS Version     Vulnerable?     Patch #      Other Actions
- ----------     -----------     -------      -------------
IRIX 3.x        unknown                     Note 1
IRIX 4.x        unknown                     Note 1
IRIX 5.x        unknown                     Note 1
IRIX 6.0.x      unknown                     Note 1
IRIX 6.1        unknown                     Note 1
IRIX 6.2        unknown                     Note 1
IRIX 6.3        unknown                     Note 1
IRIX 6.4        unknown                     Note 1
IRIX 6.5        unknown                     Note 1
IRIX 6.5.1      unknown                     Note 1
IRIX 6.5.2      unknown                     Note 1
IRIX 6.5.3      unknown                     Note 1
IRIX 6.5.4      unknown                     Note 1
IRIX 6.5.5      unknown                     Note 1
IRIX 6.5.6      unknown                     Note 1
IRIX 6.5.7      unknown                     Note 1
IRIX 6.5.8      unknown                     Note 1
IRIX 6.5.9      unknown                     Note 1
IRIX 6.5.10     unknown                     Note 1
IRIX 6.5.11     unknown                     Note 1
IRIX 6.5.12     unknown                     Note 1
IRIX 6.5.13     unknown                     Note 1
IRIX 6.5.14     unknown                     Note 1
IRIX 6.5.15     unknown                     Note 1
IRIX 6.5.16     unknown                     Note 1
IRIX 6.5.17     unknown                     Note 1
IRIX 6.5.18     unknown                     Note 1
IRIX 6.5.19     unknown                     Note 1

IRIX 6.5.20m      yes       5625 & 5548     Notes 2 & 3 & 4
                         or 5626 & 5548

IRIX 6.5.20f      yes       5627 & 5549     Notes 2 & 3 & 5
                         or 5628 & 5549

IRIX 6.5.21m      yes       5621 & 5550     Notes 2 & 3 & 6
                         or 5620 & 5550

IRIX 6.5.21f      yes       5622 & 5551     Notes 2 & 3

IRIX 6.5.22       yes       5613 & 5630     Notes 2 & 3

IRIX 6.5.23       yes       5619 & 5553     Notes 2 & 3

IRIX 6.5.24       yes       5624 & 5593     Notes 2 & 3

IRIX 6.5.25       no


   NOTES

     1) This version of the IRIX operating system is not actively supported.
        Upgrade to an actively supported IRIX operating system.
        See http://support.sgi.com/ for more information.

     2) If you have not received an IRIX 6.5.X CD for IRIX 6.5, contact
        your SGI Support Provider or URL: http://support.sgi.com/

     3) Install ALL the required patch(es) based on your operating release.

     4) Patches 5625 & 5548 are for all platforms except IP35 systems.
        Patches 5626 & 5548 are for IP35 systems only.

     5) Patches 5627 & 5549 are for all platforms except IP35 systems.
        Patches 5628 & 5549 are for IP35 systems only.

     6) Patches 5621 & 5550 are for all platforms except IP35 systems.
        Patches 5620 & 5550 are for IP35 systems only.



                ##### Patch File Checksums ####

The actual patch will be a tar file containing the following files:



- ------------------------
- --- Acknowledgments ----
- ------------------------

SGI wishes to thank Adam Gowdiak and the Poznan Supercomputing and
Networking Center for their assistance in this matter.


- -------------
- --- Links ---
- -------------

SGI Security Advisories can be found at:
http://www.sgi.com/support/security/ and
ftp://patches.sgi.com/support/free/security/advisories/

Red Hat Errata: Security Alerts, Bugfixes, and Enhancements
http://www.redhat.com/apps/support/errata/

SGI Advanced Linux Environment security updates can be found on:
ftp://oss.sgi.com/projects/sgi_propack/download/

SGI patches can be found at the following patch servers:
http://support.sgi.com/

The primary SGI anonymous FTP site for security advisories and
security patches is ftp://patches.sgi.com/support/free/security/


- -----------------------------------------
- --- SGI Security Information/Contacts ---
- -----------------------------------------

If there are questions about this document, email can be sent to
security-info@sgi.com.

                      ------oOo------

SGI provides security information and patches for use by the entire SGI
community.  This information is freely available to any person needing the
information and is available via anonymous FTP and the Web.

The primary SGI anonymous FTP site for security advisories and patches is
patches.sgi.com.  Security advisories and patches are located under the URL
ftp://patches.sgi.com/support/free/security/

The SGI Security Headquarters Web page is accessible at the URL:
http://www.sgi.com/support/security/

For issues with the patches on the FTP sites, email can be sent to
security-info@sgi.com.

For assistance obtaining or working with security patches, please
contact your SGI support provider.

                      ------oOo------

SGI provides a free security mailing list service called wiretap and
encourages interested parties to self-subscribe to receive (via email) all
SGI Security Advisories when they are released. Subscribing to the mailing
list can be done via the Web
(http://www.sgi.com/support/security/wiretap.html) or by sending email to
SGI as outlined below.

% mail wiretap-request@sgi.com
subscribe wiretap < YourEmailAddress such as midwatch@sgi.com >
end
^d

In the example above, <YourEmailAddress> is the email address that you wish
the mailing list information sent to.  The word end must be on a separate
line to indicate the end of the body of the message. The control-d (^d) is
used to indicate to the mail program that you are finished composing the
mail message.


                      ------oOo------

SGI provides a comprehensive customer World Wide Web site. This site is
located at http://www.sgi.com/support/security/ .

                      ------oOo------

If there are general security questions on SGI systems, email can be sent to
security-info@sgi.com.

For reporting *NEW* SGI security issues, email can be sent to
security-alert@sgi.com or contact your SGI support provider.  A support
contract is not required for submitting a security report.

______________________________________________________________________________
      This information is provided freely to all interested parties
      and may be redistributed provided that it is not altered in any
      way, SGI is appropriately credited and the document retains and
      includes its valid PGP signature.

-----BEGIN PGP SIGNATURE-----
Version: 2.6.2

iQCVAwUBQM4RtbQ4cFApAP75AQGP1QP/ZkXiRBCjLyxWa4UoCCY25tw9ugQCFUHu
1itehxH/yaLPN1aC+u+6vzBAWLzEqT9LBqQu9JdBz1DoQy2/aLpcQj8YQMYYG7K1
6yMrnIipjM1udm2cQJd4Jou312nc08nEitQVAErnyshop1846wxjRKNtG2hu5Npd
5WVJZRlOihg=
=gKwp
-----END PGP SIGNATURE-----
    Copyright 2003, Silicon Graphics, Inc. All Rights Reserved.
    http://www.sgi.com/support/security/
===================================================================
To unsubscribe again from this mailinglist simply write an email to
<ecartis@Indigo.Homeunix.Org> and put this command into the body of
the email: unsubscribe irix
===================================================================

_________________
Shall I describe it to you? Or do you want me to get you a box?
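
A way to check downloaded patch files against entries in the advisory's "Patch File Checksums" layout, as an added example that is not part of the original post or SGI's own tooling: it parses the four-field entries (including a file name wrapped onto the next line) and recomputes `sum -r`, `sum` and MD5. The file name and contents below are constructed, and 512-byte blocks are assumed for the block counts.

```python
import hashlib
import re

FIELD = re.compile(
    r"^\s*(Filename|Algorithm #1 \(sum -r\)|Algorithm #2 \(sum\)|MD5 checksum):\s*(.*)$")

def bsd_sum(data):
    """`sum -r`: rotate the 16-bit total right by one bit, then add the byte."""
    c = 0
    for b in data:
        c = (c >> 1) | ((c & 1) << 15)
        c = (c + b) & 0xFFFF
    return c

def sysv_sum(data):
    """Plain `sum` (System V): add all bytes, then fold the total into 16 bits."""
    s = sum(data) & 0xFFFFFFFF
    r = (s & 0xFFFF) + (s >> 16)
    return (r & 0xFFFF) + (r >> 16)

def blocks(data, size=512):
    """Block count printed after the checksum (512-byte blocks are an assumption)."""
    return (len(data) + size - 1) // size

def parse_checksums(text):
    """Map each file name to {'bsd': (sum, blocks), 'sysv': (...), 'md5': hex}."""
    entries, current, name_pending = {}, None, False
    for line in text.splitlines():
        m = FIELD.match(line)
        if m is None:
            # A mail client may wrap the name onto the line after "Filename:".
            if name_pending and line.strip():
                current, name_pending = entries.setdefault(line.strip(), {}), False
            continue
        key, value = m.group(1), m.group(2).strip()
        if key == "Filename":
            name_pending = not value
            current = entries.setdefault(value, {}) if value else None
        elif current is not None and value:
            if key == "MD5 checksum":
                current["md5"] = value.lower()
            else:
                parts = value.split()
                if len(parts) >= 2:
                    field = "bsd" if "#1" in key else "sysv"
                    current[field] = (int(parts[0]), int(parts[1]))
    return entries

def verify(data, expected):
    """Return the fields that disagree; a field missing from the listing counts."""
    actual = {"bsd": (bsd_sum(data), blocks(data)),
              "sysv": (sysv_sum(data), blocks(data)),
              "md5": hashlib.md5(data).hexdigest()}
    return [k for k in ("bsd", "sysv", "md5") if expected.get(k) != actual[k]]

# Constructed sample: the file name and contents are made up for this example.
SAMPLE_NAME = "patchSG0000000.idb"
SAMPLE_DATA = b"f 0644 root sys usr/sample example.sw.base\n" * 40

def sample_listing(name=SAMPLE_NAME, data=SAMPLE_DATA):
    """Render one entry in the advisory's layout, with the name line wrapped."""
    n = blocks(data)
    return ("Filename: \n"
            f"               {name}\n"
            f"Algorithm #1 (sum -r):    {bsd_sum(data):05d} {n} {name}\n"
            f"Algorithm #2 (sum):       {sysv_sum(data)} {n} {name}\n"
            f"MD5 checksum:             {hashlib.md5(data).hexdigest().upper()}\n")

if __name__ == "__main__":
    listing = parse_checksums(sample_listing())
    print("intact  :", verify(SAMPLE_DATA, listing[SAMPLE_NAME]) or "all match")
    print("tampered:", verify(SAMPLE_DATA[:-1] + b"X", listing[SAMPLE_NAME]))
```

The 16-bit sums and MD5 catch a damaged download; the listing itself is only as trustworthy as the advisory's PGP signature, so check that first.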


Posted: Thu Jun 17, 2004 2:01 am
This one is related:

Quote:

SGI IRIX Multiple Vulnerabilities

- -------------------------------------------------------------------------------------

Alert Type: VULNERABILITY ALERT

Threat Type: Unintended Weakness: Multiple Vulnerabilities

IntelliShield ID: 7800
Version: 1

Urgency: 2 - Unlikely Use

Credibility: 5 - Confirmed

Severity: 4 - Moderate Damage

First Published: Jun 16, 2004; 05:03 PM EDT
Last Published: Jun 16, 2004; 05:03 PM EDT

Ports: Not Available

CVE: CAN-2004-0135, CAN-2004-0136, CAN-2004-0137

Version Summary
- -------------------------------------------------------------------------------------
SGI IRIX contains multiple vulnerabilities that allow a local attacker to create a denial of service condition or obtain elevated privileges. Patches are available.


Description
- -------------------------------------------------------------------------------------
SGI IRIX versions 6.5.20 through 6.5.24 contain vulnerabilities that can allow a local attacker to create a denial of service (DoS) condition and obtain elevated privileges on the affected system.

The first vulnerability (CAN-2004-0135) allows an attacker to exploit a system call to obtain read and write access to kernel memory. This could allow the attacker to gain root privileges on the system.

The second vulnerability (CAN-2004-0136) allows an attacker to use a corrupted binary to crash the system, resulting in a DoS condition.

The third vulnerability (CAN-2004-0137) allows an attacker to cause init to panic, resulting in a DoS condition.

Patches are available.

Impact
- -------------------------------------------------------------------------------------
A local attacker could exploit these vulnerabilities to obtain root privileges on the affected system and create a DoS condition.

Warning Indicators
- -------------------------------------------------------------------------------------
Systems running SGI IRIX versions 6.5.20 through 6.5.24 are vulnerable.

Technical Information
- -------------------------------------------------------------------------------------
The first vulnerability is due to a flaw in the syssgi() system call and allows an attacker to gain read and write access to kernel memory. An attacker could exploit this vulnerability to obtain root privileges by issuing specially crafted SGI_IOPROBE requests.

The second vulnerability exists because of an error in the mapelf32exec() function and allows an attacker to crash the system through a malformed binary.

The third vulnerability exists due to an unspecified page invalidation error. An attacker could exploit this vulnerability to cause init to panic.

TruSecure Comments
- -------------------------------------------------------------------------------------
In order to exploit these vulnerabilities, an attacker requires local access to the affected system. Few details have been released concerning these vulnerabilities. Administrators are advised to restrict local system access to trusted users.

Safeguards
- -------------------------------------------------------------------------------------
Administrators are advised to install the latest patches.

Administrators are advised to restrict local system access to trusted users.

Administrators are advised to closely monitor affected systems until they can be patched.

Vendor Announcements
- -------------------------------------------------------------------------------------
SGI has released a security advisory at the following FTP link: 20040601-01-P (ftp://patches.sgi.com/support/free/security/advisories/20040601-01-P.asc)

Patches/Software
- -------------------------------------------------------------------------------------
SGI has released patches for IRIX for registered users at the following FTP link: IRIX (ftp://patches.sgi.com/support/free/security/advisories/20040601-01-P.asc)

Alert History
- -------------------------------------------------------------------------------------
This is a TruSecure Vulnerability Alert.


Product Sets
- -------------------------------------------------------------------------------------
The security vulnerability applies to the following combinations of products.


Primary Products:
- -----------------
[Silicon Graphics, Inc (SGI)] IRIX: 6.5.20 | 6.5.21 | 6.5.22 | 6.5.23 | 6.5.24




