-----BEGIN PGP SIGNED MESSAGE----- - ---EXTERNAL RELEASE---EXTERNAL RELEASE---EXTERNAL RELEASE---EXTERNAL RELEASE--- ======= ============ ====== ====== ======= ============== ======= ======= === === ==== ====== ====== === =========== ======= ======= === =========== === ======= === === === ==== === ===== === ======= ============== ===== === ===== ======= ============ ===== = ===== EMERGENCY RESPONSE SERVICE OUTSIDE ADVISORY REDISTRIBUTION 19 August 1996 15:00 GMT Number: ERS-OAR-E01-1996:019.1 =============================================================================== The IBM-ERS Outside Advisory Redistribution is designed to provide customers of the IBM Emergency Response Service with access to the security advisories sent out by other computer security incident response teams, vendors, and other groups concerned about security. IBM makes no representations and assumes no responsibility for the contents or accuracy of the advisories themselves. IBM-ERS is forwarding the following information from Silicon Graphics, Inc. Contact information for Silicon Graphics, Inc. is included in the forwarded text below; please contact them if you have any questions or need further information. =============================================================================== ********************** FORWARDED INFORMATION STARTS HERE ********************** ______________________________________________________________________________ Silicon Graphics Inc. Security Advisory Title: IRIX Visual Admin/User Programs Number: 19960801-01-PX Date: August 16, 1996 ______________________________________________________________________________ Silicon Graphics provides this information freely to the SGI user community for its consideration, interpretation, implementation and use. Silicon Graphics recommends that this information be acted upon as soon as possible. Silicon Graphics will not be liable for any indirect, special, or consequential damages arising from the use of, failure to use or improper use of any of the instructions or information in this Security Advisory. ______________________________________________________________________________ Several security vulnerabilities have been discovered in the the visual admin and user tool programs used in the IRIX operating systems versions, 5.2, 5.3, 6.1 and 6.2. SGI has investigated these issues and recommends the following steps for neutralizing the exposure. It is HIGHLY RECOMMENDED that these measures be implemented on ALL SGI systems running IRIX versions 5.2, 5.3, 6.1 and 6.2. This issue will be corrected in future releases of IRIX. - -------------- - --- Impact --- - -------------- Provided with the correct network configuration and SGI environment, both local and remote users may be able to become root on a targeted SGI system. - ---------------- - --- Solution --- - ---------------- The solution for this issue is a replacement of the visual user and administrator programs found in the IRIX operating systems versions 5.2, 5.3, 6.1 and 6.2. The following patches has been generated for IRIX 5.2, 5.3, 6.1 and 6.2 and are freely provided to the SGI community. To determine if the visual admin/user software is installed on a particular system, the following command can be used: % versions desktop_eoe.sw.envm sysadmdesktop.sw.clients I = Installed, R = Removed Name Date Description I desktop_eoe 02/12/96 IndigoMagic Desktop, 5.3 I desktop_eoe.sw 02/12/96 IndigoMagic Desktop, 5.3 I desktop_eoe.sw.envm 02/12/96 Desktop I sysadmdesktop 02/12/96 Desktop System Administration, 5.3 I sysadmdesktop.sw 02/12/96 Desktop System Administration Software, 5.3 I sysadmdesktop.sw.clients 02/12/96 Desktop System Administration Client Software In the above case, the software of concern is installed and the steps below should be performed. If no output is returned by the command, the subsystem is not installed and no further action is required. desktop_eoe.sw.envm sysadmdesktop.sw.clients **** IRIX 3.x, 4.x, and 5.0.x **** In the IRIX operating systems versions 3.x, 4.x, and 5.0.x, the user environment and programs are different than the ones used in later versions of IRIX. As such versions 3.x, 4.x, and 5.0.x of IRIX do not have the security vulnerabilities covered by this document and no further action is required. **** IRIX 5.1.x **** IRIX operating system version 5.1.x was a limited release version. For the IRIX operating system version 5.1.x, an upgrade to 5.2 or better is required first. When the upgrade is completed, then the patches described in the following sections can be applied depending on the final version of the upgrade. **** IRIX 5.2 **** For the IRIX operating system version 5.2, an inst-able patch has been generated and made available via anonymous FTP and your service/support provider. The patch is number 1519 and will install only on IRIX 5.2. PLEASE NOTE: Patch 65 is also required in addition to patch 1519. The SGI anonymous FTP site is sgigate.sgi.com (204.94.209.1) or its mirror, ftp.sgi.com. Patches 1519 and 65 can be found in the following directories on the FTP server: ~ftp/Security or ~ftp/Patches/5.2 ##### Checksums #### The actual patch will be a tar file containing the following files: Filename: patchSG0000065 Algorithm #1 (sum -r): 21651 1 patchSG0000065 Algorithm #2 (sum): 22083 1 patchSG0000065 MD5 checksum: 178E667D663FC87DE606E219439433C0 Filename: patchSG0000065.idb Algorithm #1 (sum -r): 48983 1 patchSG0000065.idb Algorithm #2 (sum): 36585 1 patchSG0000065.idb MD5 checksum: C912C423521A261B42D11CF2E602C18B Filename: patchSG0000065.sgihelp_sw Algorithm #1 (sum -r): 10479 2415 patchSG0000065.sgihelp_sw Algorithm #2 (sum): 17168 2415 patchSG0000065.sgihelp_sw MD5 checksum: 449AA74F1BCEC421945C829DD06F6439 Filename: README.patch.1519 Algorithm #1 (sum -r): 64017 8 README.patch.1519 Algorithm #2 (sum): 52961 8 README.patch.1519 MD5 checksum: 93E89D3AC06665B98E250C0B8A809ADA Filename: patchSG0001519 Algorithm #1 (sum -r): 55758 2 patchSG0001519 Algorithm #2 (sum): 57617 2 patchSG0001519 MD5 checksum: 235727BDC4FAE2DC1897FF8DDA954F6C Filename: patchSG0001519.desktop_eoe_sw Algorithm #1 (sum -r): 31206 82 patchSG0001519.desktop_eoe_sw Algorithm #2 (sum): 65374 82 patchSG0001519.desktop_eoe_sw MD5 checksum: BA9708E74288AFBB004E08CE7D7A0DCC Filename: patchSG0001519.idb Algorithm #1 (sum -r): 12780 8 patchSG0001519.idb Algorithm #2 (sum): 53831 8 patchSG0001519.idb MD5 checksum: 5904CF1725C9844FB02B31BB3D02091C Filename: patchSG0001519.sysadmdesktop_sw Algorithm #1 (sum -r): 01731 1687 patchSG0001519.sysadmdesktop_sw Algorithm #2 (sum): 33557 1687 patchSG0001519.sysadmdesktop_sw MD5 checksum: 6C18E62ABB312D2EDF503926BBDFAEB3 **** IRIX 5.3 **** For the IRIX operating system version 5.3, an inst-able patch has been generated and made available via anonymous FTP and your service/support provider. The patch is number 1518 and will install only on IRIX 5.3. The SGI anonymous FTP site is sgigate.sgi.com (204.94.209.1) or its mirror, ftp.sgi.com. Patch 1518 can be found in the following directories on the FTP server: ~ftp/Security or ~ftp/Patches/5.3 ##### Checksums #### The actual patch will be a tar file containing the following files: Filename: README.patch.1518 Algorithm #1 (sum -r): 33249 9 README.patch.1518 Algorithm #2 (sum): 338 9 README.patch.1518 MD5 checksum: 36D6B612F49DD8E109025A6AD41F2DB5 Filename: patchSG0001518 Algorithm #1 (sum -r): 53993 3 patchSG0001518 Algorithm #2 (sum): 22622 3 patchSG0001518 MD5 checksum: 1ADB33B26E86BF5BAE1D65C5B8BB4632 Filename: patchSG0001518.desktop_eoe_sw Algorithm #1 (sum -r): 21022 101 patchSG0001518.desktop_eoe_sw Algorithm #2 (sum): 55961 101 patchSG0001518.desktop_eoe_sw MD5 checksum: 30EF63B7BA40E144F75ECD808E3BB5C6 Filename: patchSG0001518.idb Algorithm #1 (sum -r): 16394 11 patchSG0001518.idb Algorithm #2 (sum): 25741 11 patchSG0001518.idb MD5 checksum: A34F1D7B24F9AECCF7AF91187F16909F Filename: patchSG0001518.sysadmdesktop_sw Algorithm #1 (sum -r): 37847 2879 patchSG0001518.sysadmdesktop_sw Algorithm #2 (sum): 39927 2879 patchSG0001518.sysadmdesktop_sw MD5 checksum: 0A6B5C8446748AAF9C4BD464723F22C2 **** IRIX 6.0.x **** IRIX operating system version 6.0.x was a limited release version. For the IRIX operating system version 6.0.x an upgrade to 6.1 or better is required first. When the upgrade is completed, then the patches described in the following sections can be applied depending on the final version of the upgrade. **** IRIX 6.1 **** For the IRIX operating system version 6.1, an inst-able patch has been generated and made available via anonymous FTP and your service/support provider. The patch is number 1517 and will install only on IRIX 6.1. The SGI anonymous FTP site is sgigate.sgi.com (204.94.209.1) or its mirror, ftp.sgi.com. Patch 1517 can be found in the following directories on the FTP server: ~ftp/Security or ~ftp/Patches/6.1 ##### Checksums #### The actual patch will be a tar file containing the following files: Filename: README.patch.1517 Algorithm #1 (sum -r): 34233 8 README.patch.1517 Algorithm #2 (sum): 52976 8 README.patch.1517 MD5 checksum: 7207358CF3D3854F4B4964853CF9CF9B Filename: patchSG0001517 Algorithm #1 (sum -r): 22553 2 patchSG0001517 Algorithm #2 (sum): 65216 2 patchSG0001517 MD5 checksum: C1461193D43BB591F56337673A21E264 Filename: patchSG0001517.desktop_eoe_sw Algorithm #1 (sum -r): 26837 101 patchSG0001517.desktop_eoe_sw Algorithm #2 (sum): 10036 101 patchSG0001517.desktop_eoe_sw MD5 checksum: B277610280445E4B14EB5925B42DBA05 Filename: patchSG0001517.idb Algorithm #1 (sum -r): 64386 11 patchSG0001517.idb Algorithm #2 (sum): 25466 11 patchSG0001517.idb MD5 checksum: 261C1DA015BB251A833E6C633FEC537C Filename: patchSG0001517.sysadmdesktop_sw Algorithm #1 (sum -r): 15159 2860 patchSG0001517.sysadmdesktop_sw Algorithm #2 (sum): 59057 2860 patchSG0001517.sysadmdesktop_sw MD5 checksum: 6149BFE3C6A26316BD2BD37DD89E9AD2 **** IRIX 6.2 **** For the IRIX operating system version 6.2, an inst-able patch has been generated and made available via anonymous FTP and your service/support provider. The patch is number 1516 and will install only on IRIX 6.2. The SGI anonymous FTP site is sgigate.sgi.com (204.94.209.1) or its mirror, ftp.sgi.com. Patch 1516 can be found in the following directories on the FTP server: ~ftp/Security or ~ftp/Patches/6.2 ##### Checksums #### The actual patch will be a tar file containing the following files: Filename: README.patch.1516 Algorithm #1 (sum -r): 35151 8 README.patch.1516 Algorithm #2 (sum): 52984 8 README.patch.1516 MD5 checksum: 3CDCA2674C7AB2A8EC18CDFD37C3FBC3 Filename: patchSG0001516 Algorithm #1 (sum -r): 35036 2 patchSG0001516 Algorithm #2 (sum): 5041 2 patchSG0001516 MD5 checksum: 2E7B95E866E6D948C0F5A061201EA28D Filename: patchSG0001516.desktop_eoe_sw Algorithm #1 (sum -r): 43836 100 patchSG0001516.desktop_eoe_sw Algorithm #2 (sum): 17346 100 patchSG0001516.desktop_eoe_sw MD5 checksum: BCC29CC468C1848908A683E641CFFB38 Filename: patchSG0001516.idb Algorithm #1 (sum -r): 08987 11 patchSG0001516.idb Algorithm #2 (sum): 25696 11 patchSG0001516.idb MD5 checksum: 93BCFCB015BA81D0E3B0FDDA7D9D69C9 Filename: patchSG0001516.sysadmdesktop_sw Algorithm #1 (sum -r): 41089 2887 patchSG0001516.sysadmdesktop_sw Algorithm #2 (sum): 30127 2887 patchSG0001516.sysadmdesktop_sw MD5 checksum: BB84B9065C6A678A821920BEC17D2506 - ------------------------ - --- Acknowledgments --- - ------------------------ Silicon Graphics wishes to thank Paul Walmsley, FIRST members and CERT organizations worldwide for their assistance in this matter. - ----------------------------------------- - --- SGI Security Information/Contacts --- - ----------------------------------------- Past SGI Advisories and security patches can be obtained via anonymous FTP from sgigate.sgi.com or its mirror, ftp.sgi.com. These security patches and advisories are provided freely to all interested parties. For issues with the patches on the FTP sites, email can be sent to cse-security-alert@csd.sgi.com. For assistance obtaining or working with security patches, please contact your SGI support provider. If there are questions about this document, email can be sent to cse-security-alert@csd.sgi.com. Silicon Graphics provides a free security mailing list service. The wiretap service allows interested parties to self-subscribe to receive (via email) all SGI Security Advisories when released. mail wiretap-request@sgi.com [BODY of "subscribe wiretap YourEmailAddress" "end" ] For reporting *NEW* SGI security issues, email can be sent to security-alert@sgi.com or contact your SGI support provider. A support contract is not required for submitting a security report. *********************** FORWARDED INFORMATION ENDS HERE *********************** =============================================================================== IBM's Internet Emergency Response Service (IBM-ERS) is a subscription-based Internet security response service that includes computer security incident response and management, regular electronic verification of your Internet gateway(s), and security vulnerability alerts similar to this one that are tailored to your specific computing environment. By acting as an extension of your own internal security staff, IBM-ERS's team of Internet security experts helps you quickly detect and respond to attacks and exposures across your Internet connection(s). As a part of IBM's Business Recovery Services organization, the IBM Internet Emergency Response Service is a component of IBM's SecureWay(tm) line of security products and services. From hardware to software to consulting, SecureWay solutions can give you the assurance and expertise you need to protect your valuable business resources. To find out more about the IBM Internet Emergency Response Service, send an electronic mail message to ers-sales@vnet.ibm.com, or call 1-800-742-2493 (Prompt 4). IBM-ERS maintains a site on the World Wide Web at http://www.ers.ibm.com/. Visit the site for information about the service, copies of security alerts, team contact information, and other items. IBM-ERS uses Pretty Good Privacy* (PGP*) as the digital signature mechanism for security vulnerability alerts and other distributed information. The IBM-ERS PGP* public key is available from http://www.ers.ibm.com/team-info/pgpkey.html. "Pretty Good Privacy" and "PGP" are trademarks of Philip Zimmerman. IBM-ERS is a Member Team of the Forum of Incident Response and Security Teams (FIRST), a global organization established to foster cooperation and response coordination among computer security teams worldwide. The information in this document is provided as a service to customers of the IBM Emergency Response Service. Neither International Business Machines Corporation, Integrated Systems Solutions Corporation, nor any of their employees, makes any warranty, express or implied, or assumes any legal liability or responsibility for the accuracy, completeness, or usefulness of any information, apparatus, product, or process contained herein, or represents that its use would not infringe any privately owned rights. Reference herein to any specific commercial products, process, or service by trade name, trademark, manufacturer, or otherwise, does not necessarily constitute or imply its endorsement, recommendation or favoring by IBM or its subsidiaries. The views and opinions of authors expressed herein do not necessarily state or reflect those of IBM or its subsidiaries, and may not be used for advertising or product endorsement purposes. - ---EXTERNAL RELEASE---EXTERNAL RELEASE---EXTERNAL RELEASE---EXTERNAL RELEASE--- -----BEGIN PGP SIGNATURE----- Version: 2.7.1 iQCVAwUBMhiDT/WDLGpfj4rlAQGffgQA6o99rkW0scFHcKJXaWPBRshb2PlTR6tC HhuOg3MAMQHtlEJLaWR2gq7cXCcj2OtN95lA3w46HiY2tkECKVGdDnJpBiCjC2vA Y8M+twP32kdHuNPvt27mnTTnKtQvP0ci4iOCmQ9OiFV31pyoiHjZkLZMHaKVYfL4 okKdUffKSXU= =3Q/c -----END PGP SIGNATURE-----