__________________________________________________________ The U.S. Department of Energy Computer Incident Advisory Capability ___ __ __ _ ___ / | /_\ / \___ __|__ / \ \___ __________________________________________________________ INFORMATION BULLETIN SGI - System Call SGI_IOPROBE Vulnerability [SGI Security Advisory 20040601-01-P] June 22, 2004 17:00 GMT Number O-167 [REVISED 11 Aug 2004] ______________________________________________________________________________ PROBLEM: SGI_IOPROBE is an SGI system call used to determine the system configuration. A vulnerability has been identified in this system call which can be used to gain unauthorized privileges. Denial of Service and Page Invalidation issues were also found, and fixes were included in their patch for the SGI_IOPROBE vulnerability. PLATFORM: IRIX 6.5.20 and newer. DAMAGE: Under certain conditions, non-privileged local users could read and write to kernel memory and gain root access. SOLUTION: Install the appropriate SGI patches. On 8/10/04, SGI released patch #5656 to replace #5619 which has been marked "bad". ______________________________________________________________________________ VULNERABILITY The risk is MEDIUM. A local user could gain root access. ASSESSMENT: ______________________________________________________________________________ LINKS: CIAC BULLETIN: http://www.ciac.org/ciac/bulletins/o-167.shtml ORIGINAL BULLETINS: ftp://patches.sgi.com/support/free/security/advisories/20040601-01-P.asc ftp://patches.sgi.com/support/free/security/advisories/20040601-02-P.asc CVE/CAN: http://www.cve.mitre.org/cgi-bin/cvename.cgi?name= CAN-2004-0135 CAN-2004-0136 CAN-2004-0137 ______________________________________________________________________________ REVISION HISTORY: 8/11/04 - Added link for SGI Advisory 20040601-02-P which released a replacement patch #5656 replacing #5619. [***** Start SGI Security Advisory 20040601-02-P *****] -----BEGIN PGP SIGNED MESSAGE----- ______________________________________________________________________________ SGI Security Advisory Title: syssgi system call vulnerability and other security fixes Number: 20040601-02-P Date: August 10, 2004 Reference: SGI BUG 914420, CVE CAN-2004-0135 Reference: SGI BUG 912601, CVE CAN-2004-0136 Reference: SGI BUG 907407, CVE CAN-2004-0137 Fixed in: Patches 5625 5548 5626 5627 5549 5628 5621 5550 5620 5622 Fixed in: Patches 5551 5613 5630 5656 5553 5624 5593 ______________________________________________________________________________ SGI provides this information freely to the SGI user community for its consideration, interpretation, implementation and use. SGI recommends that this information be acted upon as soon as possible. SGI provides the information in this Security Advisory on an "AS-IS" basis only, and disclaims all warranties with respect thereto, express, implied or otherwise, including, without limitation, any warranty of merchantability or fitness for a particular purpose. In no event shall SGI be liable for any loss of profits, loss of business, loss of data or for any indirect, special, exemplary, incidental or consequential damages of any kind arising from your use of, failure to use or improper use of any of the instructions or information in this Security Advisory. ______________________________________________________________________________ - -------------- - --- Update --- - -------------- Patch 5619 was marked bad due to an extraneous warning. Patch 5619 was replaced with patch 5656. - ----------------------- - --- Issue Specifics --- - ----------------------- Adam Gowdiak from the Poznan Supercomputing and Networking Center has reported that under certain conditions non privileged users can use the syssgi system call SGI_IOPROBE to read and write kernel memory which can be used to obtain root user privileges. SGI has assigned the following Common Vulnerabilities and Exposures (cve.mitre.org) name to the syssgi SGI_IOPROBE vulnerability: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0135 Two local DoS fixes are also addressed in these patches: * 912601: corrupted binary can crash the system in mapelf32exec() http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0136 * 907407: init can panic due to page invalidation issues http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0137 SGI has investigated the issue and recommends the following steps for resolving this issue. It is HIGHLY RECOMMENDED that these measures be implemented on ALL vulnerable SGI systems. This issue has been corrected in future releases of IRIX. - -------------- - --- Impact --- - -------------- To determine the version of IRIX you are running, execute the following command: # /bin/uname -R That will return a result similar to the following: # 6.5 6.5.21f The first number ("6.5") is the release name, the second ("6.5.21f" in this case) is the extended release name. The extended release name is the "version" we refer to throughout this document. - ---------------- - --- Solution --- - ---------------- SGI has provided a series of patches for these vulnerabilities. Our recommendation is to upgrade to IRIX 6.5.25, or install the appropriate patches. OS Version Vulnerable? Patch # Other Actions - ---------- ----------- ------- ------------- IRIX 3.x unknown Note 1 IRIX 4.x unknown Note 1 IRIX 5.x unknown Note 1 IRIX 6.0.x unknown Note 1 IRIX 6.1 unknown Note 1 IRIX 6.2 unknown Note 1 IRIX 6.3 unknown Note 1 IRIX 6.4 unknown Note 1 IRIX 6.5 unknown Note 1 IRIX 6.5.1 unknown Note 1 IRIX 6.5.2 unknown Note 1 IRIX 6.5.3 unknown Note 1 IRIX 6.5.4 unknown Note 1 IRIX 6.5.5 unknown Note 1 IRIX 6.5.6 unknown Note 1 IRIX 6.5.7 unknown Note 1 IRIX 6.5.8 unknown Note 1 IRIX 6.5.9 unknown Note 1 IRIX 6.5.10 unknown Note 1 IRIX 6.5.11 unknown Note 1 IRIX 6.5.12 unknown Note 1 IRIX 6.5.13 unknown Note 1 IRIX 6.5.14 unknown Note 1 IRIX 6.5.15 unknown Note 1 IRIX 6.5.16 unknown Note 1 IRIX 6.5.17 unknown Note 1 IRIX 6.5.18 unknown Note 1 IRIX 6.5.19 unknown Note 1 IRIX 6.5.20m yes 5625 & 5548 Notes 2 & 3 & 4 or 5626 & 5548 IRIX 6.5.20f yes 5627 & 5549 Notes 2 & 3 & 5 or 5628 & 5549 IRIX 6.5.21m yes 5621 & 5550 Notes 2 & 3 & 6 or 5620 & 5550 IRIX 6.5.21f yes 5622 & 5551 Notes 2 & 3 IRIX 6.5.22 yes 5613 & 5630 Notes 2 & 3 IRIX 6.5.23 yes 5656 & 5553 Notes 2 & 3 IRIX 6.5.24 yes 5624 & 5593 Notes 2 & 3 IRIX 6.5.25 no NOTES 1) This version of the IRIX operating system is not actively supported. Upgrade to an actively supported IRIX operating system. See http://support.sgi.com/ for more information. 2) If you have not received an IRIX 6.5.X CD for IRIX 6.5, contact your SGI Support Provider or URL: http://support.sgi.com/ 3) Install ALL the required patch(es) based on your operating release. 4) Patches 5625 & 5548 are for all platforms except IP35 systems. Patches 5626 & 5548 are for IP35 systems only. 5) Patches 5627 & 5549 are for all platforms except IP35 systems. Patches 5628 & 5549 are for IP35 systems only. 6) Patches 5621 & 5550 are for all platforms except IP35 systems. Patches 5620 & 5550 are for IP35 systems only. ##### Patch File Checksums #### The actual patch will be a tar file containing the following files: Filename: README.patch.5548 Algorithm #1 (sum -r): 26166 9 README.patch.5548 Algorithm #2 (sum): 18572 9 README.patch.5548 MD5 checksum: B959E9138AC13D5B4D3EC58AB9787316 Filename: patchSG0005548 Algorithm #1 (sum -r): 13142 5 patchSG0005548 Algorithm #2 (sum): 13101 5 patchSG0005548 MD5 checksum: 2F4B0DE6EDA3EC7FE877C1C30FB24792 Filename: patchSG0005548.eoe_sw Algorithm #1 (sum -r): 33151 18039 patchSG0005548.eoe_sw Algorithm #2 (sum): 18823 18039 patchSG0005548.eoe_sw MD5 checksum: 8E5E40C1A89A31A563FB3B49D868D380 Filename: patchSG0005548.idb Algorithm #1 (sum -r): 26717 29 patchSG0005548.idb Algorithm #2 (sum): 13280 29 patchSG0005548.idb MD5 checksum: D08197D45FC6933C49E0C1893153B900 Filename: README.patch.5549 Algorithm #1 (sum -r): 40030 9 README.patch.5549 Algorithm #2 (sum): 20807 9 README.patch.5549 MD5 checksum: 2761D23E07FFE86E5E7D18DDB0BE9D97 Filename: patchSG0005549 Algorithm #1 (sum -r): 43400 2 patchSG0005549 Algorithm #2 (sum): 51896 2 patchSG0005549 MD5 checksum: 44C8DA9E91DDA27D9E8D01CF9891B0B3 Filename: patchSG0005549.eoe_sw Algorithm #1 (sum -r): 15049 15542 patchSG0005549.eoe_sw Algorithm #2 (sum): 17768 15542 patchSG0005549.eoe_sw MD5 checksum: 616E1E9D8F084CFF3770B871B3FD10C3 Filename: patchSG0005549.idb Algorithm #1 (sum -r): 57827 9 patchSG0005549.idb Algorithm #2 (sum): 246 9 patchSG0005549.idb MD5 checksum: E4F8FEEA0E751B0FE56FB138604E6129 Filename: README.patch.5550 Algorithm #1 (sum -r): 54963 8 README.patch.5550 Algorithm #2 (sum): 41537 8 README.patch.5550 MD5 checksum: DD131FE14A646E8D8D78A21F24C489C3 Filename: patchSG0005550 Algorithm #1 (sum -r): 16785 1 patchSG0005550 Algorithm #2 (sum): 32514 1 patchSG0005550 MD5 checksum: E27BB553CC350FEDF2EBD0A215AF0013 Filename: patchSG0005550.eoe_sw Algorithm #1 (sum -r): 00937 13396 patchSG0005550.eoe_sw Algorithm #2 (sum): 57917 13396 patchSG0005550.eoe_sw MD5 checksum: 8D5320961B39E8998D54D15BF3B45D14 Filename: patchSG0005550.idb Algorithm #1 (sum -r): 51844 8 patchSG0005550.idb Algorithm #2 (sum): 38152 8 patchSG0005550.idb MD5 checksum: A83324F8F4140ACAD4643447948B006F Filename: README.patch.5551 Algorithm #1 (sum -r): 55602 8 README.patch.5551 Algorithm #2 (sum): 33151 8 README.patch.5551 MD5 checksum: 8D66DD9494365B233F6C01515EA97F3A Filename: patchSG0005551 Algorithm #1 (sum -r): 10276 2 patchSG0005551 Algorithm #2 (sum): 38762 2 patchSG0005551 MD5 checksum: 2762694336F92F9439683849097C4126 Filename: patchSG0005551.eoe_sw Algorithm #1 (sum -r): 29512 14002 patchSG0005551.eoe_sw Algorithm #2 (sum): 23969 14002 patchSG0005551.eoe_sw MD5 checksum: 64F405B6C5E2B9DC04310BD9F10CEE09 Filename: patchSG0005551.idb Algorithm #1 (sum -r): 30570 8 patchSG0005551.idb Algorithm #2 (sum): 38288 8 patchSG0005551.idb MD5 checksum: 307BA9B2855ED1E5A061125F7C358D6E Filename: README.patch.5553 Algorithm #1 (sum -r): 46824 8 README.patch.5553 Algorithm #2 (sum): 54465 8 README.patch.5553 MD5 checksum: 24AB2CA3A0CEA9C318E398C2BA436ECD Filename: patchSG0005553 Algorithm #1 (sum -r): 18187 2 patchSG0005553 Algorithm #2 (sum): 38628 2 patchSG0005553 MD5 checksum: 283C010B562210F38D47B510F4CFEB2D Filename: patchSG0005553.eoe_sw Algorithm #1 (sum -r): 50710 14005 patchSG0005553.eoe_sw Algorithm #2 (sum): 17756 14005 patchSG0005553.eoe_sw MD5 checksum: FE920B46DF530791039CB0AEB93859BE Filename: patchSG0005553.idb Algorithm #1 (sum -r): 38820 8 patchSG0005553.idb Algorithm #2 (sum): 38378 8 patchSG0005553.idb MD5 checksum: C3BF2CB0F10A2ACBC2074A198A5B569A Filename: README.patch.5593 Algorithm #1 (sum -r): 33394 8 README.patch.5593 Algorithm #2 (sum): 37264 8 README.patch.5593 MD5 checksum: FB492D4B35E7F1F3F959D8E9923E5556 Filename: patchSG0005593 Algorithm #1 (sum -r): 02567 1 patchSG0005593 Algorithm #2 (sum): 34191 1 patchSG0005593 MD5 checksum: 679FF67051E7823560A3E55426E98A30 Filename: patchSG0005593.eoe_sw Algorithm #1 (sum -r): 05976 5136 patchSG0005593.eoe_sw Algorithm #2 (sum): 15294 5136 patchSG0005593.eoe_sw MD5 checksum: F7DA069E3ADE041D5373E5445744DD17 Filename: patchSG0005593.idb Algorithm #1 (sum -r): 02257 4 patchSG0005593.idb Algorithm #2 (sum): 62883 4 patchSG0005593.idb MD5 checksum: 58F1EC38146F3A09240222D373ED233F Filename: README.patch.5613 Algorithm #1 (sum -r): 42073 9 README.patch.5613 Algorithm #2 (sum): 22676 9 README.patch.5613 MD5 checksum: 760B9D835D59457C81EA39547AD81A07 Filename: patchSG0005613 Algorithm #1 (sum -r): 34590 2 patchSG0005613 Algorithm #2 (sum): 51723 2 patchSG0005613 MD5 checksum: B28E516B51DCB46B28DC796281511A47 Filename: patchSG0005613.eoe_sw Algorithm #1 (sum -r): 46578 36821 patchSG0005613.eoe_sw Algorithm #2 (sum): 38369 36821 patchSG0005613.eoe_sw MD5 checksum: EDBCB48FE88DE4656FE6800714DAC7FF Filename: patchSG0005613.idb Algorithm #1 (sum -r): 63612 15 patchSG0005613.idb Algorithm #2 (sum): 45686 15 patchSG0005613.idb MD5 checksum: 6CEC4F36E3D60F57F9699A7EF56D6074 Filename: README.patch.5620 Algorithm #1 (sum -r): 24507 12 README.patch.5620 Algorithm #2 (sum): 48711 12 README.patch.5620 MD5 checksum: 7E5F494F5F96269B643BC9551D80152B Filename: patchSG0005620 Algorithm #1 (sum -r): 60671 2 patchSG0005620 Algorithm #2 (sum): 889 2 patchSG0005620 MD5 checksum: 3666297139A84A7A4403FDC15CC37558 Filename: patchSG0005620.eoe_sw Algorithm #1 (sum -r): 34519 7397 patchSG0005620.eoe_sw Algorithm #2 (sum): 7306 7397 patchSG0005620.eoe_sw MD5 checksum: 81EB081C267464AAC5AB6582CF136293 Filename: patchSG0005620.idb Algorithm #1 (sum -r): 12908 7 patchSG0005620.idb Algorithm #2 (sum): 61443 7 patchSG0005620.idb MD5 checksum: 1E3A5E0E78CAACE6F22E87DE23DEE439 Filename: README.patch.5621 Algorithm #1 (sum -r): 63307 8 README.patch.5621 Algorithm #2 (sum): 52159 8 README.patch.5621 MD5 checksum: 07C7B9A54FFC166E65A5BD232619E00B Filename: patchSG0005621 Algorithm #1 (sum -r): 40823 2 patchSG0005621 Algorithm #2 (sum): 63861 2 patchSG0005621 MD5 checksum: 99251C3CB549561797B1F8A1CF79980E Filename: patchSG0005621.eoe_sw Algorithm #1 (sum -r): 45374 30306 patchSG0005621.eoe_sw Algorithm #2 (sum): 14682 30306 patchSG0005621.eoe_sw MD5 checksum: 473A97E7657925D0B62D87DF525DEF44 Filename: patchSG0005621.idb Algorithm #1 (sum -r): 15244 8 patchSG0005621.idb Algorithm #2 (sum): 28355 8 patchSG0005621.idb MD5 checksum: 82A403FBB855A487153BD4CC850966A4 Filename: README.patch.5622 Algorithm #1 (sum -r): 49770 14 README.patch.5622 Algorithm #2 (sum): 22274 14 README.patch.5622 MD5 checksum: 027134DBB673814B69F7ED7C90AD76DE Filename: patchSG0005622 Algorithm #1 (sum -r): 06167 7 patchSG0005622 Algorithm #2 (sum): 25624 7 patchSG0005622 MD5 checksum: B686E557D5A0E16DBAB251D1B752DBA3 Filename: patchSG0005622.eoe_sw Algorithm #1 (sum -r): 37529 49781 patchSG0005622.eoe_sw Algorithm #2 (sum): 50771 49781 patchSG0005622.eoe_sw MD5 checksum: 4D1DBCF27D85703BABC2E14ED8EE07A0 Filename: patchSG0005622.idb Algorithm #1 (sum -r): 41854 42 patchSG0005622.idb Algorithm #2 (sum): 42170 42 patchSG0005622.idb MD5 checksum: E40F67E6B748C03790D2B7666E1CDAC3 Filename: README.patch.5624 Algorithm #1 (sum -r): 04248 8 README.patch.5624 Algorithm #2 (sum): 38599 8 README.patch.5624 MD5 checksum: 3D521B13E9E18E775A4DE9E53F2BBEF9 Filename: patchSG0005624 Algorithm #1 (sum -r): 19099 2 patchSG0005624 Algorithm #2 (sum): 40831 2 patchSG0005624 MD5 checksum: C08A82E31B62F4598CE6144716D08EB3 Filename: patchSG0005624.eoe_sw Algorithm #1 (sum -r): 52994 12955 patchSG0005624.eoe_sw Algorithm #2 (sum): 41300 12955 patchSG0005624.eoe_sw MD5 checksum: 5EDBCF4A63EAFE9589A01FEAD9D453AB Filename: patchSG0005624.idb Algorithm #1 (sum -r): 60505 4 patchSG0005624.idb Algorithm #2 (sum): 8691 4 patchSG0005624.idb MD5 checksum: FFE79C3C0615F2AD7D434B3D917DDD22 Filename: README.patch.5625 Algorithm #1 (sum -r): 15542 9 README.patch.5625 Algorithm #2 (sum): 15653 9 README.patch.5625 MD5 checksum: 2C2AF764C0F16C4A26928A5E14BE9D17 Filename: patchSG0005625 Algorithm #1 (sum -r): 13052 3 patchSG0005625 Algorithm #2 (sum): 6954 3 patchSG0005625 MD5 checksum: 6AEB9AFADD02B8E497C5E2EC1E1469DA Filename: patchSG0005625.eoe_sw Algorithm #1 (sum -r): 15531 33098 patchSG0005625.eoe_sw Algorithm #2 (sum): 49021 33098 patchSG0005625.eoe_sw MD5 checksum: 43101702322CC30B9AD37390C255116C Filename: patchSG0005625.idb Algorithm #1 (sum -r): 15449 14 patchSG0005625.idb Algorithm #2 (sum): 24970 14 patchSG0005625.idb MD5 checksum: 8A21763B9C2AD0BD1588C4638770DBF5 Filename: README.patch.5626 Algorithm #1 (sum -r): 53691 15 README.patch.5626 Algorithm #2 (sum): 38523 15 README.patch.5626 MD5 checksum: 3892A65973211DFD0A376164BBD179E7 Filename: patchSG0005626 Algorithm #1 (sum -r): 54635 3 patchSG0005626 Algorithm #2 (sum): 11312 3 patchSG0005626 MD5 checksum: A33767648F808FABA3976109AB5CE9CE Filename: patchSG0005626.eoe_sw Algorithm #1 (sum -r): 01110 8289 patchSG0005626.eoe_sw Algorithm #2 (sum): 32512 8289 patchSG0005626.eoe_sw MD5 checksum: 70688C5BD8E662308E06184873010C84 Filename: patchSG0005626.idb Algorithm #1 (sum -r): 14312 9 patchSG0005626.idb Algorithm #2 (sum): 19430 9 patchSG0005626.idb MD5 checksum: D2A38D4A30AE487FF483236BE9286602 Filename: README.patch.5627 Algorithm #1 (sum -r): 49579 9 README.patch.5627 Algorithm #2 (sum): 15803 9 README.patch.5627 MD5 checksum: 598DDFB0213F48359BBFC8011983CE21 Filename: patchSG0005627 Algorithm #1 (sum -r): 07963 3 patchSG0005627 Algorithm #2 (sum): 15913 3 patchSG0005627 MD5 checksum: DF0E3929A2640C244533CEAE4BD6F0A2 Filename: patchSG0005627.eoe_sw Algorithm #1 (sum -r): 12832 33899 patchSG0005627.eoe_sw Algorithm #2 (sum): 64006 33899 patchSG0005627.eoe_sw MD5 checksum: 9EDDFD950476FCD4B6253C5A57C8F0E2 Filename: patchSG0005627.idb Algorithm #1 (sum -r): 18535 20 patchSG0005627.idb Algorithm #2 (sum): 4153 20 patchSG0005627.idb MD5 checksum: 6F08EE7419FC288C21918962A728A1E9 Filename: README.patch.5628 Algorithm #1 (sum -r): 51847 15 README.patch.5628 Algorithm #2 (sum): 53488 15 README.patch.5628 MD5 checksum: C34F5CC744939EDB8594406DB3398A71 Filename: patchSG0005628 Algorithm #1 (sum -r): 53187 3 patchSG0005628 Algorithm #2 (sum): 27987 3 patchSG0005628 MD5 checksum: 4D4BF0665913541F5F311C78D0120A03 Filename: patchSG0005628.eoe_sw Algorithm #1 (sum -r): 38508 8652 patchSG0005628.eoe_sw Algorithm #2 (sum): 30669 8652 patchSG0005628.eoe_sw MD5 checksum: 00225A71FFDE69141609048BEC64AD50 Filename: patchSG0005628.idb Algorithm #1 (sum -r): 55137 10 patchSG0005628.idb Algorithm #2 (sum): 47584 10 patchSG0005628.idb MD5 checksum: 7C7BEEAB09073C6E9BCC6A28622A6C55 Filename: README.patch.5630 Algorithm #1 (sum -r): 17066 9 README.patch.5630 Algorithm #2 (sum): 128 9 README.patch.5630 MD5 checksum: CF061C37CDC86F4611E019B5EC5662B0 Filename: patchSG0005630 Algorithm #1 (sum -r): 17588 3 patchSG0005630 Algorithm #2 (sum): 7480 3 patchSG0005630 MD5 checksum: 96A320EBB45A805AB8D962ED71D2D39C Filename: patchSG0005630.eoe_sw Algorithm #1 (sum -r): 41259 14585 patchSG0005630.eoe_sw Algorithm #2 (sum): 20688 14585 patchSG0005630.eoe_sw MD5 checksum: 925FF34025049B474400F1D58C4C935D Filename: patchSG0005630.idb Algorithm #1 (sum -r): 06151 21 patchSG0005630.idb Algorithm #2 (sum): 56421 21 patchSG0005630.idb MD5 checksum: 9E36A630042FC9530FF8247CFF139BC5 Filename: README.patch.5656 Algorithm #1 (sum -r): 64731 9 README.patch.5656 Algorithm #2 (sum): 60263 9 README.patch.5656 MD5 checksum: 1B79AE5C0E472756CACDA0E5DCA66821 Filename: patchSG0005656 Algorithm #1 (sum -r): 43995 2 patchSG0005656 Algorithm #2 (sum): 57226 2 patchSG0005656 MD5 checksum: 36AD3EF8C729E2F948E6C7EEF5873281 Filename: patchSG0005656.eoe_sw Algorithm #1 (sum -r): 30069 13017 patchSG0005656.eoe_sw Algorithm #2 (sum): 28650 13017 patchSG0005656.eoe_sw MD5 checksum: DF4D7D544E696437CB75044DB450F438 Filename: patchSG0005656.idb Algorithm #1 (sum -r): 20863 4 patchSG0005656.idb Algorithm #2 (sum): 20138 4 patchSG0005656.idb MD5 checksum: 658A753A9EB4C44F97BDA0D11F21E40B - ------------------------ - --- Acknowledgments ---- - ------------------------ SGI wishes to thank Adam Gowdiak and the Poznan Supercomputing and Networking Center for their assistance in this matter. - ------------- - --- Links --- - ------------- SGI Security Advisories can be found at: http://www.sgi.com/support/security/ and ftp://patches.sgi.com/support/free/security/advisories/ Red Hat Errata: Security Alerts, Bugfixes, and Enhancements http://www.redhat.com/apps/support/errata/ SGI Advanced Linux Environment security updates can found on: ftp://oss.sgi.com/projects/sgi_propack/download/ SGI patches can be found at the following patch servers: http://support.sgi.com/ The primary SGI anonymous FTP site for security advisories and security patches is ftp://patches.sgi.com/support/free/security/ - ----------------------------------------- - --- SGI Security Information/Contacts --- - ----------------------------------------- If there are questions about this document, email can be sent to security-info@sgi.com. ------oOo------ SGI provides security information and patches for use by the entire SGI community. This information is freely available to any person needing the information and is available via anonymous FTP and the Web. The primary SGI anonymous FTP site for security advisories and patches is patches.sgi.com. Security advisories and patches are located under the URL ftp://patches.sgi.com/support/free/security/ The SGI Security Headquarters Web page is accessible at the URL: http://www.sgi.com/support/security/ For issues with the patches on the FTP sites, email can be sent to security-info@sgi.com. For assistance obtaining or working with security patches, please contact your SGI support provider. ------oOo------ SGI provides a free security mailing list service called wiretap and encourages interested parties to self-subscribe to receive (via email) all SGI Security Advisories when they are released. Subscribing to the mailing list can be done via the Web (http://www.sgi.com/support/security/wiretap.html) or by sending email to SGI as outlined below. % mail wiretap-request@sgi.com subscribe wiretap < YourEmailAddress such as midwatch@sgi.com > end ^d In the example above, is the email address that you wish the mailing list information sent to. The word end must be on a separate line to indicate the end of the body of the message. The control-d (^d) is used to indicate to the mail program that you are finished composing the mail message. ------oOo------ SGI provides a comprehensive customer World Wide Web site. This site is located at http://www.sgi.com/support/security/ . ------oOo------ If there are general security questions on SGI systems, email can be sent to security-info@sgi.com. For reporting *NEW* SGI security issues, email can be sent to security-alert@sgi.com or contact your SGI support provider. A support contract is not required for submitting a security report. ______________________________________________________________________________ This information is provided freely to all interested parties and may be redistributed provided that it is not altered in any way, SGI is appropriately credited and the document retains and includes its valid PGP signature. -----BEGIN PGP SIGNATURE----- Version: 2.6.2 iQCVAwUBQRlf1LQ4cFApAP75AQGrbQP+PoDw5fQxpgFyJ8EYmp4YyYMubB0t9slC RRH4eDxHM+Tg36LqE1YxFfTB1Ja3j8icjPmzt3K0ry3NBN6M6PTWiCFr6aiM4/7S cqqKjQsWAU1oBvTFusiTguX+y1KnRS0sQQ8F3Dt3AsnGBUGip+1VuiyvQig50xig hQrtjzR3E8k= =GaPO -----END PGP SIGNATURE----- [***** End SGI Security Advisory 20040601-01-P *****] _______________________________________________________________________________ CIAC wishes to acknowledge the contributions of Silicon Graphics, Inc. for the information contained in this bulletin. _______________________________________________________________________________ CIAC, the Computer Incident Advisory Capability, is the computer security incident response team for the U.S. Department of Energy (DOE) and the emergency backup response team for the National Institutes of Health (NIH). CIAC is located at the Lawrence Livermore National Laboratory in Livermore, California. CIAC is also a founding member of FIRST, the Forum of Incident Response and Security Teams, a global organization established to foster cooperation and coordination among computer security teams worldwide. CIAC services are available to DOE, DOE contractors, and the NIH. CIAC can be contacted at: Voice: +1 925-422-8193 (7x24) FAX: +1 925-423-8002 STU-III: +1 925-423-2604 E-mail: ciac@ciac.org Previous CIAC notices, anti-virus software, and other information are available from the CIAC Computer Security Archive. World Wide Web: http://www.ciac.org/ Anonymous FTP: ftp.ciac.org PLEASE NOTE: Many users outside of the DOE, ESnet, and NIH computing communities receive CIAC bulletins. If you are not part of these communities, please contact your agency's response team to report incidents. Your agency's team will coordinate with CIAC. The Forum of Incident Response and Security Teams (FIRST) is a world-wide organization. A list of FIRST member organizations and their constituencies can be obtained via WWW at http://www.first.org/. This document was prepared as an account of work sponsored by an agency of the United States Government. Neither the United States Government nor the University of California nor any of their employees, makes any warranty, express or implied, or assumes any legal liability or responsibility for the accuracy, completeness, or usefulness of any information, apparatus, product, or process disclosed, or represents that its use would not infringe privately owned rights. Reference herein to any specific commercial products, process, or service by trade name, trademark, manufacturer, or otherwise, does not necessarily constitute or imply its endorsement, recommendation or favoring by the United States Government or the University of California. The views and opinions of authors expressed herein do not necessarily state or reflect those of the United States Government or the University of California, and shall not be used for advertising or product endorsement purposes. LAST 10 CIAC BULLETINS ISSUED (Previous bulletins available from CIAC) O-157: Cisco CatOS Telnet, HTTP and SSH Vulnerability O-158: FTP Client Improperly handles Pipe Character in File Names O-159: NETGEAR WG602 Wireless Access Point Default Backdoor Account Vulnerability O-160: Microsoft Windows 2000 Advanced Server Security Bypass O-161: RealPlayer Security Vulnerabilities O-162: Red Hat Updated Tripwire Packages Fix Security Flaw O-163: Cisco IOS Malformed BGP Packet Causes Reload O-164: Red Hat Updated Kernel Packages Fix Security Vulnerabilities O-165: Red Hat Updated libpng Packages Fix Security Issue O-166: Sun StorEdge Enterprise Storage Manager (ESM) 2.1 Vulnerability