-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

===============================================================================
>> CERT-NL, 01-Mar-2000                                                      <<
>> All CERT-NL information has been moved to http://cert.surfnet.nl. Links   <<
>> to CERT-NL information contained in this advisory are therefore outdated. <<
>>                                                                           <<
>> CERT-NL also has stopped the CERT-CC-Mirror service. Due to this the      <<
>> links to the CERT-CC mirror are obsolete. Visit the CERT-CC site for the  <<
>> complete CERT-CC advisory texts: http://www.cert.org                      <<
===============================================================================

===============================================================================
Security Advisory                                                       CERT-NL
===============================================================================
Author/Source : Don Stikvoort                          Index  : S-96-01
Distribution  : World                                  Page   : 1
Classification: External                               Version: 1
Subject       : SGI object Server Vulnerability        Date   : 05-Jan-96
===============================================================================

By courtesy of Silicon Graphics Inc. we received information on a
vulnerability in the object server program used in SGI's IRIX 5.x and
IRIX 6.x operating systems.

CERT-NL recommends following the advice offered by SGI.
CERT-NL does NOT YET mirror SGI patches on the SURFnet infoserver.

===============================================================================

_______________________________________________________________________________

                Silicon Graphics Inc. Security Advisory

        Title:   Object Server Vulnerability
        Number:  19960101-01-PX
        Date:    January 3, 1996
_______________________________________________________________________________

Silicon Graphics provides this information freely to the SGI community
for its consideration, interpretation and implementation. Silicon Graphics
recommends that this information be acted upon as soon as possible.

Silicon Graphics will not be liable for any consequential damages arising
from the use of, or failure to use or use properly, any of the instructions
or information in this Security Advisory.
_______________________________________________________________________________

As part of Silicon Graphics continued security improvement efforts,
Silicon Graphics has discovered a security vulnerability within the
object server program used in the IRIX 5.x and IRIX 6.x operating systems.
SGI has investigated this issue and recommends the following steps for
neutralizing the exposure. It is HIGHLY RECOMMENDED that these measures
be implemented on ALL SGI systems running IRIX 5.2, 5.3, 6.0, 6.0.1 and 6.1.
This issue will be corrected in future releases of IRIX.

--------------
--- Impact ---
--------------

Provided with the correct network configuration and SGI environment,
both local and remote users may be able to become root on a targeted
SGI system.

----------------
--- Solution ---
----------------

The solution for this issue is a replacement of the object server program
and assistant programs for those versions that are vulnerable.

The following patches have been generated for those versions vulnerable
and are freely provided to the SGI community.

**** IRIX 3.x ****

This version of IRIX is not vulnerable. No action is required.

**** IRIX 4.x ****

This version of IRIX is not vulnerable. No action is required.

**** IRIX 5.0.x, 5.1.x ****

For the IRIX operating systems versions 5.0.x, 5.1.x, an upgrade
to 5.2 or better is required first. When the upgrade is completed,
then the patches described in the next sections
"**** IRIX 5.2, 6.0, 6.0.1 ****" or "**** IRIX 5.3 ****" or
"**** IRIX 6.1 ****" can be applied depending on the final version
of upgrade.

**** IRIX 5.2, 6.0, 6.0.1 ****

For the IRIX operating system versions 5.2, 6.0, and 6.0.1, an inst-able
patch has been generated and made available via anonymous ftp and/or
your service/support provider. The patch is number 1052 and will only
install on IRIX versions 5.2, 6.0, and 6.0.1.

The SGI anonymous ftp site is sgigate.sgi.com (204.94.209.1). Patch 1052
can be found in the following directories on the ftp server:

        ~ftp/Security

                or

        ~ftp/Patches/5.2
        ~ftp/Patches/6.0
        ~ftp/Patches/6.0.1

                ##### Checksums ####

The actual patch will be a tar file containing the following files:

Filename:                 README.patch.1052
Algorithm #1 (sum -r):    16512 8 README.patch.1052
Algorithm #2 (sum):       59284 8 README.patch.1052
MD5 checksum:             4E8FA3A3305C68BC18EC52564C6B2AED

Filename:                 patchSG0001052
Algorithm #1 (sum -r):    51587 1 patchSG0001052
Algorithm #2 (sum):       32069 1 patchSG0001052
MD5 checksum:             E0E3487A8A36A8B854BD704E35CA7245

Filename:                 patchSG0001052.cadmin_sw
Algorithm #1 (sum -r):    63062 548 patchSG0001052.cadmin_sw
Algorithm #2 (sum):       51720 548 patchSG0001052.cadmin_sw
MD5 checksum:             E8612BF40C60DBC9D7A90FAC6F8EF102

Filename:                 patchSG0001052.idb
Algorithm #1 (sum -r):    07247 1 patchSG0001052.idb
Algorithm #2 (sum):       40615 1 patchSG0001052.idb
MD5 checksum:             580F688D98950F250BF47AC82EB91FFB

**** IRIX 5.3 ****

For the 5.3 IRIX operating system, an inst-able patch has been generated
and made available via anonymous ftp and/or your service/support provider.
The patch is number 1048 and will only install on IRIX 5.3.

The SGI anonymous ftp site is sgigate.sgi.com (204.94.209.1).
Patch 1048 can be found in the following directories on the ftp server:

        ~ftp/Security

                or

        ~ftp/Patches/5.3

                ##### Checksums ####

The actual patch will be a tar file containing the following files:

Filename:                 README.patch.1048
Algorithm #1 (sum -r):    37177 9 README.patch.1048
Algorithm #2 (sum):       1825 9 README.patch.1048
MD5 checksum:             D0CE2B1132B417F3B9215AA9F85CA073

Filename:                 patchSG0001048
Algorithm #1 (sum -r):    42189 4 patchSG0001048
Algorithm #2 (sum):       56038 4 patchSG0001048
MD5 checksum:             456BF186B65A56EA413E9E7AD4BDE17A

Filename:                 patchSG0001048.cadmin_sw
Algorithm #1 (sum -r):    47788 698 patchSG0001048.cadmin_sw
Algorithm #2 (sum):       55041 698 patchSG0001048.cadmin_sw
MD5 checksum:             7E3239ED9F110567B02176EC16B93F94

Filename:                 patchSG0001048.eoe1_sw
Algorithm #1 (sum -r):    53666 12 patchSG0001048.eoe1_sw
Algorithm #2 (sum):       30809 12 patchSG0001048.eoe1_sw
MD5 checksum:             32F087EB64444279DF865D104664BE47

Filename:                 patchSG0001048.eoe2_sw
Algorithm #1 (sum -r):    01942 132 patchSG0001048.eoe2_sw
Algorithm #2 (sum):       33035 132 patchSG0001048.eoe2_sw
MD5 checksum:             E5242DE17431D40BC5FCD49925BE3283

Filename:                 patchSG0001048.idb
Algorithm #1 (sum -r):    37645 2 patchSG0001048.idb
Algorithm #2 (sum):       10420 2 patchSG0001048.idb
MD5 checksum:             460C69356D5AA920978F7A9FF49A4612

**** IRIX 6.1 ****

For the IRIX operating system version 6.1, an inst-able patch has been
generated and made available via anonymous ftp and/or your service/support
provider. The patch is number 1090 and will install on IRIX 6.1.

The SGI anonymous ftp site is sgigate.sgi.com (204.94.209.1).
Patch 1090 can be found in the following directories on the ftp server:

        ~ftp/Security

                or

        ~ftp/Patches/6.1

                ##### Checksums ####

The actual patch will be a tar file containing the following files:

Filename:                 README.patch.1090
Algorithm #1 (sum -r):    28420 8 README.patch.1090
Algorithm #2 (sum):       59862 8 README.patch.1090
MD5 checksum:             7CA042E478210D2E90A93F9B71D31455

Filename:                 patchSG0001090
Algorithm #1 (sum -r):    38512 1 patchSG0001090
Algorithm #2 (sum):       37227 1 patchSG0001090
MD5 checksum:             7A266E0BFCE18322F7034BB4520C6824

Filename:                 patchSG0001090.cadmin_sw
Algorithm #1 (sum -r):    45703 689 patchSG0001090.cadmin_sw
Algorithm #2 (sum):       29950 689 patchSG0001090.cadmin_sw
MD5 checksum:             9EB38D49CDDF439EE1110797FEC5BC6B

Filename:                 patchSG0001090.idb
Algorithm #1 (sum -r):    46990 1 patchSG0001090.idb
Algorithm #2 (sum):       40298 1 patchSG0001090.idb
MD5 checksum:             05E8F138BF0331BFEF8454074519F40A

------------------------
--- Acknowledgments ---
------------------------

Silicon Graphics wishes to thank Kari E. Hurtta, FIRST members and
CERT organizations worldwide for their assistance in this matter.

===============================================================================
CERT-NL is the Computer Emergency Response Team for SURFnet customers. SURFnet
is the Dutch network for educational, research and related institutes. CERT-NL
is a member of the Forum of Incident Response and Security Teams (FIRST).

All CERT-NL material is available under:
        http://cert.surfnet.nl/

In case of computer or network security problems please contact your local
CERT/security-team or CERT-NL (if your institute is NOT a SURFnet customer
please address the appropriate (local) CERT/security-team).

CERT-NL is one/two hour(s) ahead of UTC (GMT) in winter/summer,
i.e. UTC+0100 in winter and UTC+0200 in summer (DST).

Email:     cert-nl@surfnet.nl          ATTENDED REGULARLY ALL DAYS
Phone:     +31 302 305 305             BUSINESS HOURS ONLY
Fax:       +31 302 305 329             BUSINESS HOURS ONLY
Snailmail: SURFnet bv
           Attn. CERT-NL
           P.O. Box 19035
           NL - 3501 DA  UTRECHT
           The Netherlands

EMERGENCIES : 06 22 92 35 64           ALWAYS REACHABLE
EMERGENCIES : +31 6 22 92 35 64        ATTENDED AT ALL TIMES

CERT-NL'S EMERGENCY PHONE NUMBER IS ONLY TO BE USED IN CASE OF EMERGENCIES:
THE SURFNET HELPDESK OPERATING THE EMERGENCY NUMBER HAS A *FIXED*
PROCEDURE FOR DEALING WITH YOUR ALERT AND WILL IN REGULAR CASES RELAY IT
TO CERT-NL IN AN APPROPRIATE MANNER. CERT-NL WILL THEN CONTACT YOU.
===============================================================================

-----BEGIN PGP SIGNATURE-----
Version: PGP 6.5.1i

iQA/AwUBOL6IHTSYjBqwfc9jEQLLggCeLR+EtZgAviMtS4XWqpFkRZqPOpkAn3Ww
wBsVcNAAhSYWQGZ6zpWVIe/T
=AKpN
-----END PGP SIGNATURE-----
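
Added example (not part of the CERT-NL or SGI advisory): a Python parser for
the advisory's checksum listing that checks file contents against all three
published values. It assumes IRIX `sum -r` is the 16-bit rotate-right (BSD)
checksum and `sum` is the System V folded byte sum; block counts are ignored,
and the function names are illustrative.

```python
import hashlib

# Two entries copied from the advisory's patch 1052 checksum list.
ADVISORY_1052 = """\
Filename: README.patch.1052
Algorithm #1 (sum -r): 16512 8 README.patch.1052
Algorithm #2 (sum): 59284 8 README.patch.1052
MD5 checksum: 4E8FA3A3305C68BC18EC52564C6B2AED
Filename: patchSG0001052
Algorithm #1 (sum -r): 51587 1 patchSG0001052
Algorithm #2 (sum): 32069 1 patchSG0001052
MD5 checksum: E0E3487A8A36A8B854BD704E35CA7245
"""

def parse_checksums(text):
    """Return {filename: {"sum_r": int, "sum": int, "md5": str}}."""
    entries, name = {}, None
    for line in text.splitlines():
        key, sep, value = line.partition(":")
        key, fields = key.strip(), value.split()
        if not sep or not fields:
            continue  # blank line or a line without a "label: value" pair
        if key == "Filename":
            name = fields[0]
            entries[name] = {}
        elif name and key.endswith("(sum -r)"):
            entries[name]["sum_r"] = int(fields[0])
        elif name and key.endswith("(sum)"):
            entries[name]["sum"] = int(fields[0])
        elif name and key == "MD5 checksum":
            entries[name]["md5"] = fields[0].lower()
    return entries

def bsd_sum(data):
    """16-bit rotate-right checksum; assumed to match IRIX `sum -r`."""
    s = 0
    for b in data:
        s = (((s >> 1) | ((s & 1) << 15)) + b) & 0xFFFF
    return s

def sysv_sum(data):
    """Folded byte sum; assumed to match IRIX `sum`."""
    r = sum(data) & 0xFFFFFFFF
    r = (r & 0xFFFF) + (r >> 16)
    return (r & 0xFFFF) + (r >> 16)

def failed_checks(entry, data):
    """Names of the published checksums that `data` does not match."""
    actual = {"sum_r": bsd_sum(data), "sum": sysv_sum(data),
              "md5": hashlib.md5(data).hexdigest()}
    return sorted(k for k, v in entry.items() if actual[k] != v)
```

Pass each extracted file's bytes with its parsed entry; an empty list means
every published value agrees, and any mismatch means the file should not be
installed.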