Multiple Ethernet NIC Device Driver Information Disclosure V

Open forum for security issues and info.
Forum rules
Any posts concerning pirated software or offering to buy/sell/trade commercial software are subject to removal.
User avatar
squeen
Moderator
Moderator
Posts: 2932
Joined: Fri May 09, 2003 6:10 am
Location: Maryland, USA

Multiple Ethernet NIC Device Driver Information Disclosure V

Unread postby squeen » Mon Aug 04, 2003 7:13 am

And another (no patch)
SGI acknowledges the network device driver vulnerability reported by AtStake
and is currently investigating:

http://www.atstake.com/research/advisor ... report.pdf
http://www.kb.cert.org/vuls/id/412115
http://cve.mitre.org/cgi-bin/cvename.cg ... -2003-0001

Our initial investigation shows that our egXX and tgXX gigabit cards and
efXX interfaces in Origins and Octanes don't appear to be vulnerable.

No further information is available at this time. As further information
becomes available, additional advisories will be issued.

For the protection of all our customers, SGI does not disclose, discuss or
confirm vulnerabilities until a full investigation has occurred and any
necessary patch(es) or release streams are available for all vulnerable and
supported Linux and IRIX operating systems.

Until SGI has more definitive information to provide, customers are
encouraged to assume all security vulnerabilities as exploitable and take
appropriate steps according to local site security policies and
requirements.

As further information becomes available, additional advisories will be
issued via the normal SGI security information distribution methods
including the wiretap mailing list.

Return to “SGI: Security”

Who is online

Users browsing this forum: No registered users and 0 guests