-----BEGIN PGP SIGNED MESSAGE----- __________________________________________________________ The U.S. Department of Energy Computer Incident Advisory Capability ___ __ __ _ ___ / | /_\ / \___ __|__ / \ \___ __________________________________________________________ INFORMATION BULLETIN SGI Buffer Overflow Vulnerabilities ( xterm(1), Xaw library) References Vulnerabilities in Bulletin I-046 October 19, 1998 22:00 GMT Number J-010 ______________________________________________________________________________ PROBLEM: Vulnerabilities exist in the terminal emulator xterm(1) and the Xaw library. These are installed by default on IRIX PLATFORM: xterm(1) affects IRIX 3.x, 4.x, 5.0.x, 5.1.x, 5.2, 5.3, 6.0.x, 6.1, 6.2, 6.3, 6.4, and 6.5. Xaw library affects 5.0.x, 5.1.x, 5.2, 5.3, 6.0.x, 6.1, 6.2, 6.3, 6.4, and 6.5. DAMAGE: A local user account on the vulnerable system is required in order to exploit both the xterm(1) program and Xaw library. If exploited, a buffer overflow may occur which could lead to a root compromise. SOLUTION: Apply patches or workaround. ______________________________________________________________________________ VULNERABILITY Risk is high. These vulnerabilities have been publicly ASSESSMENT: discussed in Usenet newsgroups. ______________________________________________________________________________ [ Start Silicon Graphics Inc. Advisories ] 1. xterm(1) - -----BEGIN PGP SIGNED MESSAGE----- ______________________________________________________________________________ Silicon Graphics Inc. Security Advisory Title: xterm(1) exploitable buffer overflow Title: CERT VB-98.04 Number: 19981002-01-PX Date: October 15, 1998 ______________________________________________________________________________ Silicon Graphics provides this information freely to the SGI user community for its consideration, interpretation, implementation and use. Silicon Graphics recommends that this information be acted upon as soon as possible. Silicon Graphics provides the information in this Security Advisory on an "AS-IS" basis only, and disclaims all warranties with respect thereto, express, implied or otherwise, including, without limitation, any warranty of merchantability or fitness for a particular purpose. In no event shall Silicon Graphics be liable for any loss of profits, loss of business, loss of data or for any indirect, special, exemplary, incidental or consequential damages of any kind arising from your use of, failure to use or improper use of any of the instructions or information in this Security Advisory. ______________________________________________________________________________ - ------------------------ - ---- Issue Specifics --- - ------------------------ The Open Group (http://www.opengroup.org/) has reported via CERT that an exploitable buffer overflow has been discovered in xterm(1) which can lead to a root compromise. Silicon Graphics Inc. has investigated the issue and recommends the following steps for neutralizing the exposure. It is HIGHLY RECOMMENDED that these measures be implemented on ALL vulnerable SGI systems. This issue will be corrected in future releases of IRIX. - --------------- - ---- Impact --- - --------------- The xterm(1) program is installed by default on IRIX. A local user account on the vulnerable system is required in order to exploit xterm(1) program. The exploitable buffer overflow vulnerability can lead to a root compromise. This xterm buffer overflow vulnerability was reported by CERT VB-98.04: http://www.cert.org/ftp/cert_bulletins/VB-98.04.xterm.Xaw This xterm vulnerability has been publicly discussed in Usenet newsgroups and mailing lists. - --------------------------- - ---- Temporary Solution --- - --------------------------- Although patches are available for this issue, it is realized that there may be situations where installing the patches immediately may not be possible. The steps below can be used to remove the vulnerability by removing the setuid permissions of the xterm(1) program. 1) Become the root user on the system. % /bin/su - Password: # 2) Remove the setuid-root bit from the xterm binary. # chmod 0755 /usr/bin/X11/xterm 3) Verify the new permissions on the program. Note that the program size may be different depending on release. # ls -al /usr/bin/X11/xterm -rwxr-xr-x 1 root sys 204728 May 22 16:36 /usr/bin/X11/xterm 4) Return to previous level. # exit % - ----------------- - ---- Solution --- - ----------------- OS Version Vulnerable? Patch # Other Actions ---------- ----------- ------- ------------- IRIX 3.x yes Note 1 & 2 IRIX 4.x yes Note 1 & 2 IRIX 5.0.x yes Note 1 & 2 IRIX 5.1.x yes Note 1 & 2 IRIX 5.2 yes Note 1 & 2 IRIX 5.3 yes 3142 IRIX 6.0.x yes Note 1 & 2 IRIX 6.1 yes Note 1 & 2 IRIX 6.2 yes 3143 IRIX 6.3 yes 3144 IRIX 6.4 yes 3351 IRIX 6.5 yes 6.5.1 Note 3 IRIX 6.5.1 no NOTES 1) Upgrade to currently supported IRIX operating system. 2) See "Temporary Solution" section. 3) If you have not received an IRIX 6.5.1m CD for IRIX 6.5, contact your SGI Support Provider or download the IRIX 6.5.1 Maintenance Release Stream from http://support.sgi.com/ Patches are available via anonymous FTP and your service/support provider. The primary SGI anonymous FTP site for security information and patches is sgigate.sgi.com (204.94.209.1). Security information and patches can be found in the ~ftp/security and ~ftp/patches directories, respectively. For security and patch management reasons, ftp.sgi.com (mirror of sgigate) lags behind and does not do a real-time update of ~ftp/security and ~ftp/patches ##### Patch File Checksums #### The actual patch will be a tar file containing the following files: Filename: README.patch.3142 Algorithm #1 (sum -r): 49324 8 README.patch.3142 Algorithm #2 (sum): 61084 8 README.patch.3142 MD5 checksum: 2B1A5715ACEB0CDC4C18678A8002B6F1 Filename: patchSG0003142 Algorithm #1 (sum -r): 29610 1 patchSG0003142 Algorithm #2 (sum): 34053 1 patchSG0003142 MD5 checksum: 6BD0AA3B67430C2068FE9144D86C74D5 Filename: patchSG0003142.idb Algorithm #1 (sum -r): 32785 1 patchSG0003142.idb Algorithm #2 (sum): 35269 1 patchSG0003142.idb MD5 checksum: BF1E7D0BB1E46B1BDFF9979189F5360B Filename: patchSG0003142.x_eoe_sw Algorithm #1 (sum -r): 33648 213 patchSG0003142.x_eoe_sw Algorithm #2 (sum): 34214 213 patchSG0003142.x_eoe_sw MD5 checksum: B02985C04953B11AE03E11DE362A36E3 Filename: README.patch.3143 Algorithm #1 (sum -r): 25019 8 README.patch.3143 Algorithm #2 (sum): 21033 8 README.patch.3143 MD5 checksum: B564135EFDC38135580A8F6B7F42CFD0 Filename: patchSG0003143 Algorithm #1 (sum -r): 32423 1 patchSG0003143 Algorithm #2 (sum): 27066 1 patchSG0003143 MD5 checksum: 415ACF1ACFD6EA16B264492BAA55E207 Filename: patchSG0003143.idb Algorithm #1 (sum -r): 23124 1 patchSG0003143.idb Algorithm #2 (sum): 35279 1 patchSG0003143.idb MD5 checksum: 78CE6DFAD29790B3082AEB257A48A71A Filename: patchSG0003143.x_eoe_sw Algorithm #1 (sum -r): 40988 213 patchSG0003143.x_eoe_sw Algorithm #2 (sum): 61141 213 patchSG0003143.x_eoe_sw MD5 checksum: E1CC35856C0FB1D65D8399881C5E64F4 Filename: README.patch.3144 Algorithm #1 (sum -r): 14474 7 README.patch.3144 Algorithm #2 (sum): 20083 7 README.patch.3144 MD5 checksum: 34700B91B362B53ADB4741D1436DA239 Filename: patchSG0003144 Algorithm #1 (sum -r): 28337 1 patchSG0003144 Algorithm #2 (sum): 26275 1 patchSG0003144 MD5 checksum: BD9C4D0B2AEBE8DC674FCDF777124B38 Filename: patchSG0003144.idb Algorithm #1 (sum -r): 04654 1 patchSG0003144.idb Algorithm #2 (sum): 35038 1 patchSG0003144.idb MD5 checksum: F53D7B84B841E089C824603FBDFCCA32 Filename: patchSG0003144.x_eoe_sw Algorithm #1 (sum -r): 62709 211 patchSG0003144.x_eoe_sw Algorithm #2 (sum): 8545 211 patchSG0003144.x_eoe_sw MD5 checksum: F8275F4C685744FC32E0B46F62DE4CD4 Filename: README.patch.3351 Algorithm #1 (sum -r): 62541 7 README.patch.3351 Algorithm #2 (sum): 18263 7 README.patch.3351 MD5 checksum: 9B4F30943168D03E87F9A3CCE2D1E420 Filename: patchSG0003351 Algorithm #1 (sum -r): 51459 1 patchSG0003351 Algorithm #2 (sum): 32809 1 patchSG0003351 MD5 checksum: 128031560CEE2BA9D8988EAE99292E6C Filename: patchSG0003351.idb Algorithm #1 (sum -r): 36105 1 patchSG0003351.idb Algorithm #2 (sum): 35002 1 patchSG0003351.idb MD5 checksum: 24564AD152E4B65388DAA7BD9A5D205A Filename: patchSG0003351.x_eoe_sw Algorithm #1 (sum -r): 42288 212 patchSG0003351.x_eoe_sw Algorithm #2 (sum): 26656 212 patchSG0003351.x_eoe_sw MD5 checksum: 7A9742D4417ADBA74E64EE31DD7F2CE7 - ------------------------- - ---- Acknowledgments --- - ------------------------- Silicon Graphics wishes to thank the CERT Coordination Center and the users of the Internet Community at large for their assistance in this matter. - ------------------------------------------------------------ - ---- Silicon Graphics Inc. Security Information/Contacts --- - ------------------------------------------------------------ If there are questions about this document, email can be sent to cse-security-alert@sgi.com. ------oOo------ Silicon Graphics provides security information and patches for use by the entire SGI community. This information is freely available to any person needing the information and is available via anonymous FTP and the Web. The primary SGI anonymous FTP site for security information and patches is sgigate.sgi.com (204.94.209.1). Security information and patches are located under the directories ~ftp/security and ~ftp/patches, respectively. The Silicon Graphics Security Headquarters Web page is accessible at the URL http://www.sgi.com/Support/security/security.html. For issues with the patches on the FTP sites, email can be sent to cse-security-alert@sgi.com. For assistance obtaining or working with security patches, please contact your SGI support provider. ------oOo------ Silicon Graphics provides a free security mailing list service called wiretap and encourages interested parties to self-subscribe to receive (via email) all SGI Security Advisories when they are released. Subscribing to the mailing list can be done via the Web (http://www.sgi.com/Support/security/wiretap.html) or by sending email to SGI as outlined below. % mail wiretap-request@sgi.com subscribe wiretap end ^d In the example above, is the email address that you wish the mailing list information sent to. The word end must be on a separate line to indicate the end of the body of the message. The control-d (^d) is used to indicate to the mail program that you are finished composing the mail message. ------oOo------ Silicon Graphics provides a comprehensive customer World Wide Web site. This site is located at http://www.sgi.com/Support/security/security.html. ------oOo------ For reporting *NEW* SGI security issues, email can be sent to security-alert@sgi.com or contact your SGI support provider. A support contract is not required for submitting a security report. ______________________________________________________________________________ This information is provided freely to all interested parties and may be redistributed provided that it is not altered in any way, Silicon Graphics is appropriately credited and the document retains and includes its valid PGP signature. - -----BEGIN PGP SIGNATURE----- Version: 2.6.2 iQCVAwUBNiZfFbQ4cFApAP75AQGNogP/QIH9LHZgJ3wZqYxtjvEbf7VdbBItUe0L E66H8PqoPu9UASt78/AXwAF1GOvcBZV11iMPm3knhwB0LX2eSFgxVPrVLIot99Zd 3m47crNJQpqaxsoqPO9QAWdfA2wkmY2LDefsCF5nnH3RYxJPtNhnJv3+Dzjevm4h iIxmn3voxrE= =Ynfb - -----END PGP SIGNATURE----- 2. Xaw - -----BEGIN PGP SIGNED MESSAGE----- ______________________________________________________________________________ Silicon Graphics Inc. Security Advisory Title: Xaw library exploitable buffer overflow Title: CERT VB-98.04 Number: 19981003-01-PX Date: October 15, 1998 ______________________________________________________________________________ Silicon Graphics provides this information freely to the SGI user community for its consideration, interpretation, implementation and use. Silicon Graphics recommends that this information be acted upon as soon as possible. Silicon Graphics provides the information in this Security Advisory on an "AS-IS" basis only, and disclaims all warranties with respect thereto, express, implied or otherwise, including, without limitation, any warranty of merchantability or fitness for a particular purpose. In no event shall Silicon Graphics be liable for any loss of profits, loss of business, loss of data or for any indirect, special, exemplary, incidental or consequential damages of any kind arising from your use of, failure to use or improper use of any of the instructions or information in this Security Advisory. ______________________________________________________________________________ - ------------------------ - ---- Issue Specifics --- - ------------------------ The Open Group (http://www.opengroup.org/) has reported via CERT that an exploitable buffer overflow has been discovered in Xaw library which can lead to a root compromise. Silicon Graphics Inc. has investigated the issue and recommends the following steps for neutralizing the exposure. It is HIGHLY RECOMMENDED that these measures be implemented on ALL vulnerable SGI systems. This issue will be corrected in future releases of IRIX. - --------------- - ---- Impact --- - --------------- The Xaw library is installed by default on IRIX. The Xaw Text widget must be used in a setuid root program in order to be vulnerable. A local user account on the vulnerable system is required in order to exploit the Xaw library. The exploitable buffer overflow vulnerability can lead to a root compromise. This Xaw library buffer overflow vulnerability was reported by CERT VB-98.04: http://www.cert.org/ftp/cert_bulletins/VB-98.04.xterm.Xaw This Xaw vulnerability has been publicly discussed in Usenet newsgroups and mailing lists. - --------------------------- - ---- Temporary Solution --- - --------------------------- Although patches are available for this issue, it is realized that there may be situations where installing the patches immediately may not be possible. Only setuid root programs that use the Xaw Text widget are vulnerable to this exploit. There is no easy detection method for determining if a program uses the Xaw Text widget. If you are aware of a setuid root program that uses Xaw Text widget, the steps below can be used to remove the vulnerability by removing the setuid permissions of that program. 1) Become the root user on the system. % /bin/su - Password: # 2) Remove the setuid-root bit from the binary. # chmod 0755 3) Return to previous level. # exit % - ----------------- - ---- Solution --- - ----------------- OS Version Vulnerable? Patch # Other Actions ---------- ----------- ------- ------------- IRIX 3.x no IRIX 4.x no IRIX 5.0.x yes Note 1 & 2 IRIX 5.1.x yes Note 1 & 2 IRIX 5.2 yes Note 1 & 2 IRIX 5.3 yes 3162 IRIX 6.0.x yes Note 1 & 2 IRIX 6.1 yes Note 1 & 2 IRIX 6.2 yes 3163 IRIX 6.3 yes 3164 IRIX 6.4 yes 3165 IRIX 6.5 yes 6.5.1 Note 3 IRIX 6.5.1 no NOTES 1) Upgrade to currently supported IRIX operating system. 2) See "Temporary Solution" section. 3) If you have not received an IRIX 6.5.1m CD for IRIX 6.5, contact your SGI Support Provider or download the IRIX 6.5.1 Maintenance Release Stream from http://support.sgi.com/ Patches are available via anonymous FTP and your service/support provider. The primary SGI anonymous FTP site for security information and patches is sgigate.sgi.com (204.94.209.1). Security information and patches can be found in the ~ftp/security and ~ftp/patches directories, respectively. For security and patch management reasons, ftp.sgi.com (mirror of sgigate) lags behind and does not do a real-time update of ~ftp/security and ~ftp/patches ##### Patch File Checksums #### The actual patch will be a tar file containing the following files: Filename: README.patch.3162 Algorithm #1 (sum -r): 62760 15 README.patch.3162 Algorithm #2 (sum): 52641 15 README.patch.3162 MD5 checksum: B8F950CFFA015AEE80BDDF7D71941997 Filename: patchSG0003162 Algorithm #1 (sum -r): 29527 3 patchSG0003162 Algorithm #2 (sum): 16855 3 patchSG0003162 MD5 checksum: 483B3714A2DBCF085FB4430E60AFADB5 Filename: patchSG0003162.idb Algorithm #1 (sum -r): 63388 4 patchSG0003162.idb Algorithm #2 (sum): 4333 4 patchSG0003162.idb MD5 checksum: 4E6E083D81345A44ECF9B81DF37936D0 Filename: patchSG0003162.x_dev_sw Algorithm #1 (sum -r): 10817 1841 patchSG0003162.x_dev_sw Algorithm #2 (sum): 53139 1841 patchSG0003162.x_dev_sw MD5 checksum: 9496B25ECC3E96A8D61E2F61AB7CC444 Filename: patchSG0003162.x_eoe_sw Algorithm #1 (sum -r): 39327 3232 patchSG0003162.x_eoe_sw Algorithm #2 (sum): 13525 3232 patchSG0003162.x_eoe_sw MD5 checksum: D42A84EF3F076A58D33F19F52A819673 Filename: README.patch.3163 Algorithm #1 (sum -r): 23654 18 README.patch.3163 Algorithm #2 (sum): 25734 18 README.patch.3163 MD5 checksum: 756076D4B042CD3B821051B3146C2451 Filename: patchSG0003163 Algorithm #1 (sum -r): 32763 18 patchSG0003163 Algorithm #2 (sum): 46144 18 patchSG0003163 MD5 checksum: 9D8CF5AF49F89003D333E84E6D3300C6 Filename: patchSG0003163.idb Algorithm #1 (sum -r): 16114 13 patchSG0003163.idb Algorithm #2 (sum): 38740 13 patchSG0003163.idb MD5 checksum: 757BF2A5882658173ECFF63F892C46A8 Filename: patchSG0003163.x_dev_sw Algorithm #1 (sum -r): 26703 1871 patchSG0003163.x_dev_sw Algorithm #2 (sum): 4990 1871 patchSG0003163.x_dev_sw MD5 checksum: 4E89925EA5679B21BF8FC765CB79A8BB Filename: patchSG0003163.x_dev_sw32 Algorithm #1 (sum -r): 28764 2195 patchSG0003163.x_dev_sw32 Algorithm #2 (sum): 46025 2195 patchSG0003163.x_dev_sw32 MD5 checksum: DF71C67366E29B0F9CEF5B10A0EE3BD0 Filename: patchSG0003163.x_dev_sw64 Algorithm #1 (sum -r): 10893 2353 patchSG0003163.x_dev_sw64 Algorithm #2 (sum): 47599 2353 patchSG0003163.x_dev_sw64 MD5 checksum: A307C6DB70BD37A31D1F9D4D858C4004 Filename: patchSG0003163.x_eoe_sw Algorithm #1 (sum -r): 26523 4258 patchSG0003163.x_eoe_sw Algorithm #2 (sum): 2943 4258 patchSG0003163.x_eoe_sw MD5 checksum: 0CD66C2493A3667D1C68D2E2EE3DB187 Filename: patchSG0003163.x_eoe_sw32 Algorithm #1 (sum -r): 44792 3969 patchSG0003163.x_eoe_sw32 Algorithm #2 (sum): 30141 3969 patchSG0003163.x_eoe_sw32 MD5 checksum: 91B0F609DCF4B10814C7623669A1193D Filename: patchSG0003163.x_eoe_sw64 Algorithm #1 (sum -r): 36394 4235 patchSG0003163.x_eoe_sw64 Algorithm #2 (sum): 15018 4235 patchSG0003163.x_eoe_sw64 MD5 checksum: A751597CA40C154D855F1BA4CE111AE6 Filename: README.patch.3164 Algorithm #1 (sum -r): 04525 12 README.patch.3164 Algorithm #2 (sum): 63555 12 README.patch.3164 MD5 checksum: F949A9F818F578F9209DD453A713EDE9 Filename: patchSG0003164 Algorithm #1 (sum -r): 45150 7 patchSG0003164 Algorithm #2 (sum): 23540 7 patchSG0003164 MD5 checksum: 5EB26E7B577ADD63AD2A7E31E8E818FB Filename: patchSG0003164.idb Algorithm #1 (sum -r): 62231 11 patchSG0003164.idb Algorithm #2 (sum): 39482 11 patchSG0003164.idb MD5 checksum: 608679BE467AD0FF7B0044F08CFBA5F7 Filename: patchSG0003164.x_dev_sw Algorithm #1 (sum -r): 00282 1861 patchSG0003164.x_dev_sw Algorithm #2 (sum): 51321 1861 patchSG0003164.x_dev_sw MD5 checksum: AA403DA6F7934786C8B1138B6419EDF9 Filename: patchSG0003164.x_dev_sw32 Algorithm #1 (sum -r): 40105 2188 patchSG0003164.x_dev_sw32 Algorithm #2 (sum): 43711 2188 patchSG0003164.x_dev_sw32 MD5 checksum: 20D889F2721D867301F1F49C7F0F9FDE Filename: patchSG0003164.x_dev_sw64 Algorithm #1 (sum -r): 05154 2341 patchSG0003164.x_dev_sw64 Algorithm #2 (sum): 35806 2341 patchSG0003164.x_dev_sw64 MD5 checksum: 975B64D7781501F1428382C38EF8E33E Filename: patchSG0003164.x_eoe_sw Algorithm #1 (sum -r): 40472 3285 patchSG0003164.x_eoe_sw Algorithm #2 (sum): 19365 3285 patchSG0003164.x_eoe_sw MD5 checksum: 7130465ECBEA6961DE898BC6B03BC6EC Filename: patchSG0003164.x_eoe_sw32 Algorithm #1 (sum -r): 24036 3552 patchSG0003164.x_eoe_sw32 Algorithm #2 (sum): 62299 3552 patchSG0003164.x_eoe_sw32 MD5 checksum: CF227E33123A6B4C83B957BE7481E594 Filename: patchSG0003164.x_eoe_sw64 Algorithm #1 (sum -r): 01544 3763 patchSG0003164.x_eoe_sw64 Algorithm #2 (sum): 32019 3763 patchSG0003164.x_eoe_sw64 MD5 checksum: 33DAD3890A6EE445BABAA9299C6DE485 Filename: README.patch.3165 Algorithm #1 (sum -r): 05925 12 README.patch.3165 Algorithm #2 (sum): 9430 12 README.patch.3165 MD5 checksum: F8F8C76CF0D6401153F34E606E000703 Filename: patchSG0003165 Algorithm #1 (sum -r): 40739 10 patchSG0003165 Algorithm #2 (sum): 64635 10 patchSG0003165 MD5 checksum: E9F01F8B784EFB2360F96E1C111BC868 Filename: patchSG0003165.eoe_sw Algorithm #1 (sum -r): 44998 7 patchSG0003165.eoe_sw Algorithm #2 (sum): 42468 7 patchSG0003165.eoe_sw MD5 checksum: 948C51F29D9B18C71211551F2A9E2786 Filename: patchSG0003165.idb Algorithm #1 (sum -r): 08151 12 patchSG0003165.idb Algorithm #2 (sum): 9229 12 patchSG0003165.idb MD5 checksum: C377B369F49EC7BE07B43C4B1A3AE7C8 Filename: patchSG0003165.x_dev_sw Algorithm #1 (sum -r): 20931 5115 patchSG0003165.x_dev_sw Algorithm #2 (sum): 57869 5115 patchSG0003165.x_dev_sw MD5 checksum: 201472A518AD6573742D18E1B94EFD7B Filename: patchSG0003165.x_dev_sw64 Algorithm #1 (sum -r): 15326 2378 patchSG0003165.x_dev_sw64 Algorithm #2 (sum): 5558 2378 patchSG0003165.x_dev_sw64 MD5 checksum: 885049D822B3B277576E2C4AB54B91C4 Filename: patchSG0003165.x_eoe_sw Algorithm #1 (sum -r): 63988 7594 patchSG0003165.x_eoe_sw Algorithm #2 (sum): 15222 7594 patchSG0003165.x_eoe_sw MD5 checksum: 129346F08874CF9A56B6497BF4AA3B32 Filename: patchSG0003165.x_eoe_sw64 Algorithm #1 (sum -r): 25380 4118 patchSG0003165.x_eoe_sw64 Algorithm #2 (sum): 24205 4118 patchSG0003165.x_eoe_sw64 MD5 checksum: 34980EFCE4E39EBFEC55FA279E7F1957 - ------------------------- - ---- Acknowledgments --- - ------------------------- Silicon Graphics wishes to thank the CERT Coordination Center and the users of the Internet Community at large for their assistance in this matter. - ------------------------------------------------------------ - ---- Silicon Graphics Inc. Security Information/Contacts --- - ------------------------------------------------------------ If there are questions about this document, email can be sent to cse-security-alert@sgi.com. ------oOo------ Silicon Graphics provides security information and patches for use by the entire SGI community. This information is freely available to any person needing the information and is available via anonymous FTP and the Web. The primary SGI anonymous FTP site for security information and patches is sgigate.sgi.com (204.94.209.1). Security information and patches are located under the directories ~ftp/security and ~ftp/patches, respectively. The Silicon Graphics Security Headquarters Web page is accessible at the URL http://www.sgi.com/Support/security/security.html. For issues with the patches on the FTP sites, email can be sent to cse-security-alert@sgi.com. For assistance obtaining or working with security patches, please contact your SGI support provider. ------oOo------ Silicon Graphics provides a free security mailing list service called wiretap and encourages interested parties to self-subscribe to receive (via email) all SGI Security Advisories when they are released. Subscribing to the mailing list can be done via the Web (http://www.sgi.com/Support/security/wiretap.html) or by sending email to SGI as outlined below. % mail wiretap-request@sgi.com subscribe wiretap end ^d In the example above, is the email address that you wish the mailing list information sent to. The word end must be on a separate line to indicate the end of the body of the message. The control-d (^d) is used to indicate to the mail program that you are finished composing the mail message. ------oOo------ Silicon Graphics provides a comprehensive customer World Wide Web site. This site is located at http://www.sgi.com/Support/security/security.html. ------oOo------ For reporting *NEW* SGI security issues, email can be sent to security-alert@sgi.com or contact your SGI support provider. A support contract is not required for submitting a security report. ______________________________________________________________________________ This information is provided freely to all interested parties and may be redistributed provided that it is not altered in any way, Silicon Graphics is appropriately credited and the document retains and includes its valid PGP signature. - -----BEGIN PGP SIGNATURE----- Version: 2.6.2 iQCVAwUBNiZgZbQ4cFApAP75AQFNawP9EhlJX0vTsSxr/rngAmU1wr46efbxzd5P Mz1Nvqvqk01CWpW7PcDwlxhBheT/hHnGEfCuj0NeuE0+D4ISDF0piChEopm/ubYT uKl1/Tp3jKnX7qrrXNRsNirFHsG7JSKp1JULmcjOa0b+RzE9OH8wWXRN0A/cRZt5 TqDo2OygiOY= =ItwP - -----END PGP SIGNATURE----- [ End Silicon Graphics Inc. Advisories ] ______________________________________________________________________________ CIAC wishes to acknowledge the contributions of Silicon Graphics Inc. for the information contained in this bulletin. ______________________________________________________________________________ CIAC, the Computer Incident Advisory Capability, is the computer security incident response team for the U.S. Department of Energy (DOE) and the emergency backup response team for the National Institutes of Health (NIH). CIAC is located at the Lawrence Livermore National Laboratory in Livermore, California. CIAC is also a founding member of FIRST, the Forum of Incident Response and Security Teams, a global organization established to foster cooperation and coordination among computer security teams worldwide. CIAC services are available to DOE, DOE contractors, and the NIH. CIAC can be contacted at: Voice: +1 925-422-8193 FAX: +1 925-423-8002 STU-III: +1 925-423-2604 E-mail: ciac@llnl.gov For emergencies and off-hour assistance, DOE, DOE contractor sites, and the NIH may contact CIAC 24-hours a day. During off hours (5PM - 8AM PST), call the CIAC voice number 925-422-8193 and leave a message, or call 800-759-7243 (800-SKY-PAGE) to send a Sky Page. CIAC has two Sky Page PIN numbers, the primary PIN number, 8550070, is for the CIAC duty person, and the secondary PIN number, 8550074 is for the CIAC Project Leader. Previous CIAC notices, anti-virus software, and other information are available from the CIAC Computer Security Archive. World Wide Web: http://www.ciac.org/ (or http://ciac.llnl.gov -- they're the same machine) Anonymous FTP: ftp.ciac.org (or ciac.llnl.gov -- they're the same machine) Modem access: +1 (925) 423-4753 (28.8K baud) +1 (925) 423-3331 (28.8K baud) CIAC has several self-subscribing mailing lists for electronic publications: 1. CIAC-BULLETIN for Advisories, highest priority - time critical information and Bulletins, important computer security information; 2. SPI-ANNOUNCE for official news about Security Profile Inspector (SPI) software updates, new features, distribution and availability; 3. SPI-NOTES, for discussion of problems and solutions regarding the use of SPI products. Our mailing lists are managed by a public domain software package called Majordomo, which ignores E-mail header subject lines. To subscribe (add yourself) to one of our mailing lists, send the following request as the E-mail message body, substituting ciac-bulletin, spi-announce OR spi-notes for list-name: E-mail to ciac-listproc@llnl.gov or majordomo@tholia.llnl.gov: subscribe list-name e.g., subscribe ciac-bulletin You will receive an acknowledgment email immediately with a confirmation that you will need to mail back to the addresses above, as per the instructions in the email. This is a partial protection to make sure you are really the one who asked to be signed up for the list in question. If you include the word 'help' in the body of an email to the above address, it will also send back an information file on how to subscribe/unsubscribe, get past issues of CIAC bulletins via email, etc. PLEASE NOTE: Many users outside of the DOE, ESnet, and NIH computing communities receive CIAC bulletins. If you are not part of these communities, please contact your agency's response team to report incidents. Your agency's team will coordinate with CIAC. The Forum of Incident Response and Security Teams (FIRST) is a world-wide organization. A list of FIRST member organizations and their constituencies can be obtained via WWW at http://www.first.org/. This document was prepared as an account of work sponsored by an agency of the United States Government. Neither the United States Government nor the University of California nor any of their employees, makes any warranty, express or implied, or assumes any legal liability or responsibility for the accuracy, completeness, or usefulness of any information, apparatus, product, or process disclosed, or represents that its use would not infringe privately owned rights. Reference herein to any specific commercial products, process, or service by trade name, trademark, manufacturer, or otherwise, does not necessarily constitute or imply its endorsement, recommendation or favoring by the United States Government or the University of California. The views and opinions of authors expressed herein do not necessarily state or reflect those of the United States Government or the University of California, and shall not be used for advertising or product endorsement purposes. LAST 10 CIAC BULLETINS ISSUED (Previous bulletins available from CIAC) I-092: Ping Buffer Overflow Vulnerability J-001: Windows NT RPC Spoofing Denial of Service Vulnerability J-002: SGI IRIX Mail(1)/mailx(1) Security Vulnerabilities J-003: SGI IRIX On-Line Customer Registration Vulnerabilities J-004: SunOS ftp client Vulnerability J-005: SGI IRIX at(1) Vulnerability J-006: NFS mountd Buffer Overflow Vulnerability J-007: HP OpenView Omniback II Vulnerability J-008: FreeBSD TCP RST Denial of Service Vulnerability J-009: Cisco IOS Command History Release at Login Prompt -----BEGIN PGP SIGNATURE----- Version: 4.0 Business Edition iQCVAwUBNi4atbnzJzdsy3QZAQFPCAP/SrDzvwt6LlINTKM+P1xBTDwTD+R0cXks 1JS90t9XPSZEZeX+eeMU4v112NYmFype/KnkNIfb5HgnTeob49bLn6kj2ofIA/8B 1mHijjotr45fxFR76wAxiI97sVSWhjSYOwx1rkgp2TYmV5Es0lMwJCzqsIomz8SZ Ps7Lvc8i2Ek= =7VXi -----END PGP SIGNATURE-----