PASS TO SITE/FACILITY/COMMAND INFORMATION SYSTEM SECURITY OFFICE (ISSO), SPECIAL SECURITY OFFICER (SSO), INFORMATION RESOURCE MANAGER (IRM) AND AUTOMATED DATA PROCESSOR (ADP) COORDINATORS

U-1,288/DS-SIM (DCPO)

SUBJ: VULNERABILITY IN SILICON GRAPHICS INC. "IRIX" /usr/sbin/fmt (AUTOMATED SYSTEMS SECURITY INCIDENT SUPPORT TEAM (ASSIST) 92-49)

1. DISCUSSION: ASSIST HAS LEARNED OF A SECURITY PROBLEM WITH THE TEXT FORMATTING PROGRAM /usr/sbin/fmt SUPPLIED BY SILICON GRAPHICS. THE PROGRAM WILL ALLOW ANY USER TO READ MAIL MESSAGES OR OTHER FILES OWNED BY GROUP "mail" ON IRIX VERSIONS PRIOR TO 4.0 (INCLUDING ALL 3.2 AND 3.3.X VERSIONS). THIS PROBLEM HAS BEEN FIXED IN VERSION 4.0. ASSIST EXPECTS THIS VULNERABILITY TO BE WIDELY EXPLOITED BECAUSE THE DETAILS WERE RECENTLY RELEASED ON VARIOUS INTERNET INFORMATION SERVICES. WE HIGHLY RECOMMEND THAT YOU APPLY THIS PATCH IMMEDIATELY. SILICON GRAPHICS HAS PROVIDED THE ENCLOSED PATCH INSTRUCTIONS, AND THEY HAVE BEEN VERIFIED ON AN SGI IRIX SYSTEM V RELEASE 3.3.1 MACHINE.

2. RECOMMENDATION: TO CORRECT THIS VULNERABILITY, EXECUTE THE FOLLOWING COMMAND AS ROOT. IT CLEARS THE SET-GROUP-ID BIT THAT LETS fmt RUN WITH THE PRIVILEGES OF GROUP "mail". NOTE THAT UNIX COMMANDS AND PATH NAMES ARE CASE-SENSITIVE AND MUST BE TYPED IN LOWER CASE:

    chmod 755 /usr/sbin/fmt

OPTIONALLY, YOU COULD ALSO CHANGE THE OWNER AND GROUP OF THE FILE; HOWEVER, SGI HAS INFORMED US THAT THIS CHANGE IS NOT NECESSARY:

    chown root.sys /usr/sbin/fmt

IF SYSTEM SOFTWARE SHOULD EVER BE RELOADED FROM A 3.2 OR 3.3.* INSTALLATION TAPE OR FROM A BACKUP TAPE CREATED BEFORE THE PATCH WAS APPLIED, THE RELOAD RESTORES THE ORIGINAL PERMISSIONS; REPEAT THE ABOVE PROCEDURE IMMEDIATELY AFTER THE SOFTWARE HAS BEEN RELOADED (BEFORE ENABLING LOGINS BY NORMAL USERS). SGI CUSTOMERS CAN CONTACT 1-800-800-4SGI FOR ADDITIONAL ASSISTANCE.

3. POINT OF CONTACT: ASSIST POINT OF CONTACT FOR THIS MATTER IS MIKE HIGGINS, COMM (202) 373-8852/55 OR DSN 243-8852/55. ASSIST CAN BE REACHED 24 HOURS PER DAY, COMMERCIAL PAGER (800) SKY-PAGE, PIN NUMBER 2133937 (FROM A TOUCH TONE PHONE ENTER THE CALL BACK NUMBER AFTER THE PROMPT) OR AUTOVON DIAL 243-8000 AND ASK TO HAVE THE ASSIST DUTY OFFICER PAGED.
ASSIST CAN BE REACHED VIA E-MAIL AT "DOD-CERT@DDN-CONUS.DDN.MIL".
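THE FOLLOWING IS AN ADDED EXAMPLE, NOT PART OF THE ASSIST ADVISORY OR OF SGI'S PATCH INSTRUCTIONS: A SMALL POSIX SHELL SCRIPT THAT CHECKS WHETHER A BINARY CARRIES THE SETUID OR SETGID BIT, APPLIES THE ADVISORY'S "chmod 755" FIX, AND VERIFIES THAT THE BIT IS REALLY GONE. IT DEFAULTS TO /usr/sbin/fmt BUT ACCEPTS ANY PATH, SO THE SAME CHECK CAN BE RERUN AFTER A RELOAD FROM TAPE. THE FUNCTION NAMES ARE THE EXAMPLE'S OWN; IT USES ONLY ls, cut AND chmod, WHICH EXIST ON OLD AND NEW UNIX SYSTEMS ALIKE (stat(1) DOES NOT).

```shell
#!/bin/sh
# Added example (not from the ASSIST advisory): detect a set-id binary,
# apply "chmod 755" as the advisory directs, and confirm the bit cleared.
# Run as root against the real path: sh checkfmt.sh /usr/sbin/fmt

# Permission string of a file, e.g. "-rwxr-sr-x". ls -l output is portable;
# cut drops any trailing ACL/attribute marker some systems append.
perm_string() {
    ls -ld "$1" | cut -c1-10
}

# True (exit 0) when the file is setuid or setgid. In the ls string the
# 4th character is s/S for setuid, the 7th is s/S for setgid.
is_set_id() {
    p=$(perm_string "$1") || return 2
    case "$p" in
        ???[sS]*|??????[sS]*) return 0 ;;
        *) return 1 ;;
    esac
}

# Apply the advisory's fix and verify. Exit 0 only if the file is no
# longer set-id afterwards; a silent chmod that did not take is an error.
fix_mode() {
    chmod 755 "$1" || return 1
    if is_set_id "$1"; then
        echo "$1: still set-id after chmod 755" >&2
        return 1
    fi
    return 0
}

# Check-and-fix driver. Defaults to /usr/sbin/fmt, the file in the advisory.
# Exit 0 when the file ends up non-set-id, 1 on failure, 2 if it is absent.
check_and_fix() {
    f="${1:-/usr/sbin/fmt}"
    if [ ! -e "$f" ]; then
        echo "$f: not present" >&2
        return 2
    fi
    if is_set_id "$f"; then
        echo "$f is set-id ($(perm_string "$f")); applying chmod 755"
        fix_mode "$f"
    else
        echo "$f is not set-id ($(perm_string "$f")); nothing to do"
    fi
}

# Only act when a path was given on the command line.
if [ $# -gt 0 ]; then
    check_and_fix "$1"
fi
```

BECAUSE fix_mode RE-READS THE PERMISSIONS AFTER chmod, THE SCRIPT FAILS LOUDLY IF THE BINARY IS ON A READ-ONLY OR OTHERWISE UNCOOPERATIVE FILESYSTEM, WHICH A BARE "chmod 755" IN A RELOAD CHECKLIST WOULD NOT.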