what you don't know can hurt you
Showing 1 - 25 of 100 RSS Feed

Files

HexView Security Advisory 2004-05-07.01
Posted May 26, 2004
Authored by HexView | Site support.sgi.com

SGI Security Advisory 20040507-01-P - Adam Gowdiak from the Poznan Supercomputing and Networking Center has reported that under certain conditions the /usr/sbin/cpr binary can be forced to load a user provided library while restarting the checkpointed process which can then be used to obtain root user privileges. All versions of IRIX prior to 6.5.25 are affected.

tags | advisory, root
systems | irix
advisories | CVE-2004-0134
MD5 | bca7813ef568a2aec8061ef1c2246dda

Related Files

HexView Security Advisory 2004-06-01.01
Posted Jun 18, 2004
Authored by HexView, SGI Security Coordinator | Site support.sgi.com

SGI Security Advisory 20040601-01-P - Adam Gowdiak from the Poznan Supercomputing and Networking Center has reported that under certain conditions non privileged users can use the syssgi system call SGI_IOPROBE to read and write kernel memory which can be used to obtain root user privileges. Patches have been released for this and other issues. At this time, IRIX versions 6.5.20 to 6.5.24 are considered susceptible.

tags | advisory, kernel, root
systems | irix
advisories | CVE-2004-0135, CVE-2004-0136, CVE-2004-0137
MD5 | d05cb4115b395162428966046c7e70a4
HexView Security Advisory 2004-05-03.01
Posted May 18, 2004
Authored by HexView | Site sgi.com

SGI Security Advisory 20040503-01-P - Under certain conditions, rpc.mountd goes into an infinite loop while processing some RPC requests, causing a denial of service. Affected releases: SGI IRIX 6.5.x.

tags | advisory, denial of service
systems | irix
MD5 | e771b7ecc64247707f40f03dc5da3f98
HexView Security Advisory 2004-04-01.01
Posted Apr 2, 2004
Authored by HexView | Site support.sgi.com

SGI Security Advisory 20040401-01-P - It has been reported that there are several security issues affecting ftpd on IRIX. There is an ftpd DoS that is possible during PORT mode (SGI BUG 899364) not to mention that ftpd's ftp_syslog() doesn't work with anonymous FTP (SGI BUG 909172).

tags | advisory
systems | irix
MD5 | 7be6ff1c8fb3c76beb33200abd57a0fb
HexView Security Advisory 2003-09-02.01
Posted Sep 26, 2003
Authored by HexView | Site sgi.com

SGI Security Advisory 20030902-01-P - It has been reported that certain Microsoft RPC scanning can cause the DCE daemon dced to abort, causing a denial of service vulnerability.

tags | advisory, denial of service
advisories | CVE-2003-0746
MD5 | a72c97334ef625ae17f2020de747904a
HexView Security Advisory 2003-09-01.01
Posted Sep 18, 2003
Authored by HexView | Site sgi.com

SGI Security Advisory 20030901-01-P - It has been reported that under certain conditions a NFS client can avoid read-only restrictions on filesystems exported via NFS from a server running IRIX 6.5.21 and mount them in read/write mode.

tags | advisory
systems | irix
advisories | CVE-2003-0680
MD5 | 158b80ac8f156a5d0d22ea50142fb208
HexView Security Advisory 2003-08-03.01
Posted Aug 26, 2003
Authored by HexView, SGI Security Coordinator | Site sgi.com

SGI Security Advisory 20030803-01-P - A vulnerability has been reported by sendmail.org that the 8.12.8 and earlier releases shipped with a potential problem in DNS mapping that could lead to a remote denial or service or root compromise. Relatedd CVE Number: CVE-2003-0688.

tags | advisory, remote, root
MD5 | 2a166f4afe5f37ea2cce1777428e4770
HexView Security Advisory 2003-08-01.01
Posted Aug 14, 2003
Authored by HexView | Site sgi.com

SGI Security Advisory 20030801-01-P - It is possible to create a Denial of Service attack on the IRIX nfsd through the use of carefully crafted packets which cause XDR decoding errors. This can lead to kernel panicing the system. No local account or access to an NFS mount point is required, so this could be constructed as a remote exploit.

tags | advisory, remote, denial of service, kernel, local
systems | irix
advisories | CVE-2003-0576
MD5 | a98675283906a5666114c8e4e784cb4b
HexView Security Advisory 2003-07-04.01
Posted Aug 5, 2003
Authored by HexView | Site support.sgi.com

SGI Security Advisory 20030704-01-P - It has been reported that the IRIX name services daemon nsd can be exploited in various ways through the AUTH_UNIX gid list. This could result in an attacker gaining root access.

tags | advisory, root
systems | irix
advisories | CVE-2003-0575
MD5 | d24f576633d1116056bce01aa747cc76
HexView Security Advisory 2003-07-02.01
Posted Jul 18, 2003
Authored by HexView, SGI Security Coordinator | Site support.sgi.com

SGI Security Advisory 20030702-01-P - It has been reported that logging into an IRIX 6.5 machine while particular environment variables are set can lead to /usr/lib/iaf/scheme dumping core. Since scheme is suid root, this could potentially lead to a root compromise.

tags | advisory, root
systems | irix
MD5 | 3c4d357d6c4753a6214004ab269e25fe
HexView Security Advisory 2003-07-01.01
Posted Jul 18, 2003
Authored by HexView, SGI Security Coordinator | Site support.sgi.com

SGI Security Advisory 20030701-01-P - Multiple vulnerabilities have been found in the Name Service Daemon, or nsd, on IRIX below version 6.5.21.

tags | advisory, vulnerability
systems | irix
advisories | CVE-2003-0176, CVE-2003-0177, CVE-2003-0572, CVE-2003-0573
MD5 | 4fda666dd3b10a49c1eb0791597570ba
HexView Security Advisory 2003-06-07.01
Posted Jun 25, 2003
Authored by HexView, SGI Security | Site sgi.com

SGI Security Advisory 20030607-01-P - Several bugs in the IRIX 6.5.19 implementation of IPv6 result in inetd becoming hung when port scanned, snoop unable to handle packets as root, and other non-security related issues.

tags | advisory, root
systems | irix
MD5 | 99d2e0ce6890eb6a4b4d3ae5e453c5d5
HexView Security Advisory 2003-06-05.01
Posted Jun 21, 2003
Authored by HexView | Site sgi.com

SGI Security Advisory 20030605-01-A - SGI acknowledges the MIPSPro compiler temporary file vulnerability reported by Crimelabs. The have nothing else to say about it at this time.

tags | advisory
MD5 | 2256e1cbf6d189696e2dd6a88d6633af
HexView Security Advisory 2002-09-02.01
Posted Sep 19, 2002
Authored by HexView | Site sgi.com

SGI Security Advisory 20020902-01-I - SGI IRIX 6.5 systems apply world-readable permissions on all coredumps. This can allow local users to disclose sensitive information from system coredumps. This affects IRIX versions prior to 6.5.15.

tags | local
systems | irix
MD5 | 9315a98001591b774f8fa81e3687ba21
HexView Security Advisory 2002-09-01.01
Posted Sep 19, 2002
Authored by HexView | Site sgi.com

SGI Security Advisory 20020901-01-A - It has been found that several operating systems have insecurely implemented the IGMP protocol and several attacks can be used to take down network segments that are being routed by such systems. SGI acknowledged the problem but did not release patches yet.

tags | protocol
MD5 | 84dae135b0b8628df90fe803eeda5f2e
octopus.c
Posted Aug 26, 2002
Authored by Maniac

This little program opens as many sockets with a remote host as can be supported by both. It catches ^C and kill commands to shut down cleanly by closing all open connections before exiting. Often, a remote workstation can be brought to its knees by saturating its process table via multiple invocations of sendmail. That's why port 25 (the sendmail port) is the default. If the target's process table (set when the target kernel was created) is filled, users will be unable to execute any shell commands. Many MUDs also crash when the number of sockets they have open exceeds a certain number. This program will put stress on MUDs by testing their limits. If a limit is reached, the MUD will either crash or will refuse to let new users log in. * The program is incomplete, in that it doesn't check for socket timeouts and subsequently reuse timed out sockets. That means the program can only keep a remote host / mud locked up until it exhausts its own available new sockets, or until it has reached MAX_DESCRIPTORS remote connections as set by the #define statement. * If the local machine starts issuing error messages, then the program has failed to saturate the remote host and has instead reached the limits of the local machine. Use ^C or the kill command to terminate it. If you are knowledgable about rebuilding kernels and have access to the root account, you can build a special kernel that will allow you to reach a much larger number of open sockets.

tags | remote, denial of service, shell, kernel, local, root
MD5 | 57f5e537c9adc5964995189dee2618d0
HexView Security Advisory 2002-06-05.01
Posted Jul 16, 2002
Authored by HexView | Site sgi.com

SGI Security Advisory 20020605-01-I - A vulnerability found in the chunked encoding implementation in Apache versions 1.3.24, 2.0.36 or prior can be used to remotely execute code on systems running this software. This vulnerability affects IRIX systems versions 6.5.12m/f up to and including 6.5.16. SGI IRIX 6.5.17 is not affected.

systems | irix
MD5 | b44f60e8f0b88e503d01b5125f0524c6
HexView Security Advisory 2002-06-05.01
Posted Jun 25, 2002
Authored by HexView | Site sgi.com

SGI Security Advisory 20020605-01-I - A vulnerability found in the IRIX xfsmd can lead to the remote root access on a vulnerable system. Affects Irix v6.5 through 6.5.16.

tags | remote, root
systems | irix
MD5 | 107bf81f7d77d1a13ba6b90562c60f90
HexView Security Advisory 2002-06-02.01
Posted Jun 10, 2002
Authored by HexView | Site sgi.com

SGI Security Advisory 20020602-01-I - "MediaMail" and "MediaMail Pro (/usr/binX11/MediaMail) can be caused to dump core when passed certain user-supplied arguments. Since it is setgid mail, the core dump can be exploited in several ways.

advisories | CVE-2002-0358
MD5 | 45ebaa94b9598b90bd77ba41dd010573
HexView Security Advisory 2002-06-01.01
Posted Jun 5, 2002
Authored by HexView | Site sgi.com

SGI Security Advisory 20020601-01-P - /usr/etc/rpc.passwd has a vulnerability which allows local users to gain root access. The rpc.passwd binary is not installed by default on IRIX 6.5 systems. It is part of the optional subsystem "nfs.sw.nis".

tags | local, root
systems | irix
MD5 | a9f6c3f8bddb276e2347490ed85dd6c5
HexView Security Advisory 2002-05-03.01
Posted May 10, 2002
Authored by HexView, SGI Security Coordinator | Site sgi.com

SGI Security Advisory 20020503-01-I - A vulnerability found in netstat allows local users to detect whether a file exists, even when the permissions and ownership of that file should not allow it. This vulnerability has been corrected in IRIX 6.5.12 and patches are available.

tags | local
systems | irix
MD5 | 6ab5d926e943b47fda267a53527c3809
HexView Security Advisory 2002-04-09.01
Posted May 4, 2002
Authored by HexView, SGI Security Coordinator | Site sgi.com

SGI Security Advisory 20020409-01-I - A buffer overflow vulnerability found in the /usr/sbin/cpr binary (IRIX Checkpoint and Restart) can allow local user to gain root level privileges. The overflow has been fixed in SGI IRIX 6.5.11 and patches have been made available for previous versions.

tags | overflow, local, root
systems | irix
MD5 | 1b212fd1910572e509e5b37c2bd49899
HexView Security Advisory 2002-05-01.01
Posted May 4, 2002
Authored by HexView, SGI Security Coordinator | Site sgi.com

SGI Security Advisory 20020501-01-I - The name service daemon (nsd) contains a symlink vulnerability that can be used by local users to elevate their privileges. This vulnerability has been fixed in IRIX 6.5.11 and patches are available for older versions.

tags | local
systems | irix
MD5 | b7cca256947c54cbaaa2bde4e510fb6c
sgi.20020102-02-i.nsd
Posted Jan 17, 2002
Site sgi.com

SGI Security Advisory 20020102-02-I - A vulnerability related to the way the IRIX unified name service daemon (nsd) manages its cache files has been reported which allows remote users to fill the disk. The nsd daemon is installed by default on all 6.5.x versions of IRIX, and this vulnerability exists in all versions of IRIX 6.5.4m/f through 6.5.11m/f. The problem has been fixed in IRIX 6.5.12m/f.

tags | remote
systems | irix
MD5 | bf5faec99bcaf5b2354ef288848a573c
twlc.gif
Posted Jan 2, 2002
Authored by twlc

twlc logo

MD5 | 829f9581dc84503bb015f3a8fddd927e
sgi.20011101-01-i
Posted Nov 20, 2001
Site sgi.com

SGI Security Advisory 20011101-01-I - Multiple local Sendmail vulnerabilities have been discovered, potentially causing information loss, disclosure of possibly sensitive information, and possible mail system compromise. Affected versions include all Sendmail versions prior to 8.12.1 without the "RestrictQRun" option enabled.

tags | local, vulnerability
MD5 | cbbd3c608d512e10cc6136a3f9f8e1f9
Page 1 of 4
Back1234Next

File Archive:

June 2019

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Jun 1st
    1 Files
  • 2
    Jun 2nd
    2 Files
  • 3
    Jun 3rd
    19 Files
  • 4
    Jun 4th
    21 Files
  • 5
    Jun 5th
    15 Files
  • 6
    Jun 6th
    12 Files
  • 7
    Jun 7th
    11 Files
  • 8
    Jun 8th
    1 Files
  • 9
    Jun 9th
    1 Files
  • 10
    Jun 10th
    15 Files
  • 11
    Jun 11th
    15 Files
  • 12
    Jun 12th
    15 Files
  • 13
    Jun 13th
    8 Files
  • 14
    Jun 14th
    16 Files
  • 15
    Jun 15th
    0 Files
  • 16
    Jun 16th
    0 Files
  • 17
    Jun 17th
    0 Files
  • 18
    Jun 18th
    0 Files
  • 19
    Jun 19th
    0 Files
  • 20
    Jun 20th
    0 Files
  • 21
    Jun 21st
    0 Files
  • 22
    Jun 22nd
    0 Files
  • 23
    Jun 23rd
    0 Files
  • 24
    Jun 24th
    0 Files
  • 25
    Jun 25th
    0 Files
  • 26
    Jun 26th
    0 Files
  • 27
    Jun 27th
    0 Files
  • 28
    Jun 28th
    0 Files
  • 29
    Jun 29th
    0 Files
  • 30
    Jun 30th
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2019 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close