-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

===============================================================================
>>                                                      CERT-NL, 01-Mar-2000 <<
>> All CERT-NL information has been moved to http://cert.surfnet.nl.  Links  <<
>> to CERT-NL information contained in this advisory are therefore outdated. <<
>>                                                                           <<
>> CERT-NL also has stopped the CERT-CC-Mirror service.  Due to this the     <<
>> links to the CERT-CC mirror are obsolete. Visit the CERT-CC site for the  <<
>> complete CERT-CC advisory texts:                     http://www.cert.org  <<
===============================================================================


===============================================================================
Security Advisory                                                       CERT-NL
===============================================================================
Author/Source : Gert Meijerink                              Index  :    S-96-26
Distribution  : World                                       Page   :          1
Classification: External                                    Version:          1
Subject       : SGI Security Advisory 19960501-01-PX        Date   :  22-may-96
===============================================================================

By courtesy of Silicon Graphics Inc. we received information on a 
vulnerability in the IRIX 5.3, 6.1, and 6.2 operating systems regarding 
the permissions tool under the IRIX desktop environment.

CERT-NL recommends that this information be acted upon as soon as possible.

Note that CERT-NL not yet mirrors SGI patches.


==============================================================================
______________________________________________________________________________
                Silicon Graphics Inc. Security Advisory

        Title:   IRIX 5.3, 6.1, 6.2 Desktop Permissions Panel
        Number:  19960501-01-PX
        Date:    May 21, 1996
______________________________________________________________________________
Silicon Graphics provides this information freely to the SGI user community
for its consideration, interpretation, implementation and use.   Silicon
Graphics recommends that this information be acted upon as soon as possible.

Silicon Graphics  will  not  be  liable  for any  indirect, special, or
consequential damages arising from the use of, failure to use or improper
use of any of the instructions or information in this Security Advisory.
______________________________________________________________________________


- - --------------
- - --- Impact ---
- - --------------


A vulnerability has been discovered in the IRIX 5.3, 6.1, and 6.2
operating systems regarding the permissions tool under the IRIX
desktop environment.

Normally, this tool is used by users to modify the permissions on their
files and files they are privileged for.  Under certain conditions, a user
may be able to modify the permissions for restricted files.  This is SGI
Bug #375613.

In order to exploit this vulnerability, it is necessary to have access
to a local account that can start the graphical permissions tool.
Refer to SGI Security Advisory 19951002 and/or system documentation
regarding password issues.

SGI Engineering has investigated this issue and recommends the following
steps for neutralizing the exposure.  It is HIGHLY RECOMMENDED that these
measures be done on ALL SGI systems running IRIX 5.3, 6.1, and 6.2.
This issue will be corrected in future releases of IRIX.



- - ----------------
- - --- Solution ---
- - ----------------



**** IRIX 5.2, 6.0, 6.0.1 ****

IRIX operating system versions 5.2, 6.0, and 6.0.1 are not vulnerable.
No further action is required.


**** IRIX 5.3 ****

For the IRIX operating system version 5.3, an inst-able patch has been
generated and made available via anonymous FTP and your service/support
provider.  The patch is number 1324 and will only install on IRIX 5.3.

The SGI anonymous FTP site is sgigate.sgi.com (204.94.209.1) or its
mirror, ftp.sgi.com.   Patch 1324 can be found in the following
directories on the FTP server:

        ~ftp/Security

                or

        ~ftp/Patches/5.3

                        ##### Checksums ####

The actual patch will be a tar file containing the following files:


Filename:                 README.patch.1324
Algorithm #1 (sum -r):    36453 8 README.patch.1324
Algorithm #2 (sum):       40114 8 README.patch.1324
MD5 checksum:             028F5506433A1B9F770F1809D741EF98

Filename:                 patchSG0001324
Algorithm #1 (sum -r):    10430 1 patchSG0001324
Algorithm #2 (sum):       35624 1 patchSG0001324
MD5 checksum:             F7C85F5A0870BA4C08DD62F181C81F2E

Filename:                 patchSG0001324.desktop_eoe_sw
Algorithm #1 (sum -r):    40704 106 patchSG0001324.desktop_eoe_sw
Algorithm #2 (sum):       32497 106 patchSG0001324.desktop_eoe_sw
MD5 checksum:             EAF31E523E150A29FCF487B1C2802F50

Filename:                 patchSG0001324.idb
Algorithm #1 (sum -r):    62749 2 patchSG0001324.idb
Algorithm #2 (sum):       58166 2 patchSG0001324.idb
MD5 checksum:             96E559406CA6ABD75ACAA879776D028E



**** IRIX 6.1 ****

For the IRIX operating system version 6.1, an inst-able patch has been
generated and made available via anonymous FTP and your service/support
provider.  The patch is number 1325 and will only install on IRIX 6.1.

The SGI anonymous FTP site is sgigate.sgi.com (204.94.209.1) or its
mirror, ftp.sgi.com.   Patch 1325 can be found in the following
directories on the FTP server:

        ~ftp/Security

                or

        ~ftp/Patches/6.1

                        ##### Checksums ####

The actual patch will be a tar file containing the following files:


Filename:                 README.patch.1325
Algorithm #1 (sum -r):    64561 8 README.patch.1325
Algorithm #2 (sum):       40513 8 README.patch.1325
MD5 checksum:             846AECCEA5658BAFC843999968EC1F19

Filename:                 patchSG0001325
Algorithm #1 (sum -r):    49679 1 patchSG0001325
Algorithm #2 (sum):       31737 1 patchSG0001325
MD5 checksum:             277DC0914388DB42CAF4F67166B6AD84

Filename:                 patchSG0001325.desktop_eoe_sw
Algorithm #1 (sum -r):    23688 106 patchSG0001325.desktop_eoe_sw
Algorithm #2 (sum):       16622 106 patchSG0001325.desktop_eoe_sw
MD5 checksum:             F9C6CBB8085916980F6FB0E750ED2739

Filename:                 patchSG0001325.idb
Algorithm #1 (sum -r):    44246 2 patchSG0001325.idb
Algorithm #2 (sum):       58029 2 patchSG0001325.idb
MD5 checksum:             7B5A50A754D4F2BCF43B2FB36402D2B9



**** IRIX 6.2 ****

For the IRIX operating system version 6.2, an inst-able patch has been
generated and made available via anonymous FTP and your service/support
provider.  The patch is number 1326 and will only install on IRIX 6.2.

The SGI anonymous FTP site is sgigate.sgi.com (204.94.209.1) or its
mirror, ftp.sgi.com.   Patch 1326 can be found in the following
directories on the FTP server:

        ~ftp/Security

                or

        ~ftp/Patches/6.2

                        ##### Checksums ####

The actual patch will be a tar file containing the following files:


Filename:                 README.patch.1326
Algorithm #1 (sum -r):    26556 8 README.patch.1326
Algorithm #2 (sum):       40503 8 README.patch.1326
MD5 checksum:             100284465A0FC83BCDA9F51276628C2F

Filename:                 patchSG0001326
Algorithm #1 (sum -r):    09453 1 patchSG0001326
Algorithm #2 (sum):       33991 1 patchSG0001326
MD5 checksum:             F22B45302095D815129FCDB52204F947

Filename:                 patchSG0001326.desktop_eoe_sw
Algorithm #1 (sum -r):    33276 105 patchSG0001326.desktop_eoe_sw
Algorithm #2 (sum):       65086 105 patchSG0001326.desktop_eoe_sw
MD5 checksum:             10798EFCDAB679BC26DE18A007666599

Filename:                 patchSG0001326.idb
Algorithm #1 (sum -r):    34209 2 patchSG0001326.idb
Algorithm #2 (sum):       57308 2 patchSG0001326.idb
MD5 checksum:             3F7CA27CB954C83ACA7E711B1F29139F



- - ------------------------
- - --- Acknowledgments ---
- - ------------------------

Silicon Graphics wishes to thank Aaron Mantel of NASA for his
assistance in this matter.



- - -----------------------------------------
- - --- SGI Security Information/Contacts ---
- - -----------------------------------------

Past SGI Advisories and security patches can be obtained via
anonymous FTP from sgigate.sgi.com or its mirror, ftp.sgi.com.
These security patches and advisories are provided freely to
all interested parties.   For issues with the patches on the
FTP sites, email can be sent to cse-security-alert@csd.sgi.com.

For assistance obtaining or working with security patches, please
contact your SGI support provider.

If there are questions about this document, email can be sent to
cse-security-alert@csd.sgi.com.

Silicon Graphics provides a free security mailing list service. The
wiretap service allows interested parties to self-subscribe to receive
(via email) all SGI Security Advisories when released.

     mail external-majordomo@postofc.corp.sgi.com

     [BODY of "subscribe wiretap YourEmailAddress"]

For reporting *NEW* SGI security issues, email can be sent to
security-alert@sgi.com or contact your SGI support provider.  A
support contract is not required for submitting a security report.

For those customers with WWW capability, the Silicon Graphics Security
Headquarters webpages serve as a focal point for security related
information for the Silicon Graphics environment.  The URL is:

     http://www.sgi.com/Support/Secur/security.html





==============================================================================
CERT-NL is the Computer Emergency Response Team for SURFnet customers. SURFnet
is the Dutch network for educational, research and related institutes. CERT-NL
is a member of the Forum of Incident Response and Security Teams (FIRST).

All CERT-NL material is available under:
  http://cert.surfnet.nl/

In case of computer or network security problems please contact your local
CERT/security-team or CERT-NL  (if your institute is NOT a SURFnet customer
please address the appropriate (local) CERT/security-team).

CERT-NL is one/two hour(s) ahead of UTC (GMT) in winter/summer,
i.e. UTC+0100 in winter and UTC+0200 in summer (DST).

   Email:     cert-nl@surfnet.nl     ATTENDED REGULARLY ALL DAYS
   Phone:     +31 302 305 305        BUSINESS HOURS ONLY
   Fax:       +31 302 305 329        BUSINESS HOURS ONLY
   Snailmail: SURFnet bv
              Attn. CERT-NL
              P.O. Box 19035
              NL - 3501 DA  UTRECHT
              The Netherlands

NOODGEVALLEN:    06 22 92 35 64      ALTIJD BEREIKBAAR
EMERGENCIES : +31 6 22 92 35 64      ATTENDED AT ALL TIMES
CERT-NL'S EMERGENCY PHONENUMBER IS ONLY TO BE USED IN CASE OF EMERGENCIES:
THE SURFNET HELPDESK OPERATING THE EMERGENCY NUMBER HAS A *FIXED*
PROCEDURE FOR DEALING WITH YOUR ALERT AND WILL IN REGULAR CASES RELAY IT
TO CERT-NL IN AN APPROPRIATE MANNER. CERT-NL WILL THEN CONTACT YOU.
===============================================================================

-----BEGIN PGP SIGNATURE-----
Version: PGP 6.5.1i

iQA/AwUBOL6IJzSYjBqwfc9jEQKU2QCePJBJflUy7eLlHqhy38EYnLYQmh8AoLVE
e4QVhg2ieUjx6Kw+GY9H8CpX
=4zwY
-----END PGP SIGNATURE-----