-----BEGIN PGP SIGNED MESSAGE----- ________________________________________________________________________________ Silicon Graphics Inc. Security Advisory Title: sendmail issues with syslog vulnerability Title: [8lgm]-Advisory-22.UNIX.syslog.2-Aug-1995 Title: CERT CA-95:13 Syslog Vulnerability - A Workaround for Sendmail Number: 19951001-01-P825 Date: October 31, 1995 ________________________________________________________________________________ Silicon Graphics provides this information freely to the SGI community for its consideration, interpretation and implementation. Silicon Graphics recommends that this information be acted upon as soon as possible. Silicon Graphics will not be liable for any consequential damages arising from the use of, or failure to use or use properly, any of the instructions or information in this Security Advisory. ________________________________________________________________________________ SGI has been actively investigating reported issues with the syslog(3) program per the August 1995 8lgm advisory. There is no future information specifically on the syslog issue at this time. However, with the distribution of CERT CA-95:13, SGI has been compelled to clarify and respond on the subject for the SGI community. The information provided in this particular CERT advisory addresses only a portion of the entire syslog issue, namely, exploit via the sendmail program. Correction of the sendmail program DOES NOT address the remaining potential of exploit of the syslog program from other programs. As such, this is only a partial solution to this issue. SGI is continuing current investigations in order to provide a complete solution. To reiterate, there is no further information or patches available on the syslog issue. As further information becomes available, additional SGI advisories will be issued and any patches generated will be provided via the traditional means for security patches. Customers are encouraged to maintain communications with their SGI service providers, monitor security newsgroups and SGI FTP sites as part of their normal security practices. To be responsive to this CERT advisory, SGI recommends the following steps for neutralizing the sendmail exploit of syslog. It is HIGHLY RECOMMENDED that these measures be done on ALL SGI systems running IRIX 3.x, 4.x, 5.x and 6.x . The issue will be permanently corrected in a future release of IRIX. - ---------------- - --- Solution --- - ---------------- **** IRIX 3.x **** Unfortunately, Silicon Graphics Inc, no longer supports the IRIX 3.x operating system and therefore has no patches or binaries to provide. However, two possible actions still remain: 1) upgrade the system to a supported version of IRIX (see below) and then install the patch or 2) obtain the sendmail source code from anonymous FTP at ftp.cs.berkeley.edu and compile the program manually. **** IRIX 4.x **** With the date of this document, SGI does not have a IRIX 4.x binary replacement for this particular issue. If in the future, a replacement binary is generated, additional advisory information will be provided. , two other possible actions are: 1) upgrade the system to a version of IRIX (5.2, 5.3, 6.0, 6.0.1) and then install the patch or 2) obtain the sendmail source code from anonymous FTP at ftp.cs.berkeley.edu and compile the program manually. **** IRIX 5.0.x, 5.1.x **** For the IRIX operating systems versions 5.0.x, 5.1.x, an upgrade to 5.2 or better is required first. When the upgrade is completed, then the patch described in the next section "**** IRIX 5.2, 5.3, 6.0, 6.0.1, 6.1 ***" can be applied. **** IRIX 5.2, 5.3, 6.0, 6.0.1, 6.1 **** For the IRIX operating system versions 5.2, 5.3, 6.0, 6.0.1, and 6.1 an inst-able patch has been generated and made available via anonymous ftp and/or your service/support provider. The patch is number 825 and will install on IRIX 5.2, 5.3, 6.0 and 6.0.1 . The SGI anonymous ftp site is sgigate.sgi.com (204.94.209.1). Patch 825 can be found in the following directories on the ftp server: ~ftp/Security or ~ftp/Patches/5.2 ~ftp/Patches/5.3 ~ftp/Patches/6.0 ~ftp/Patches/6.0.1 ##### Checksums #### The actual patch will be a tar file containing the following files: Filename: README.patch.825 Algorithm #1 (sum -r): 01444 57 README.patch.825 Algorithm #2 (sum): 12914 57 README.patch.825 MD5 checksum: 98C010655D46A61F77D791A279493BAC Filename: patchSG0000825 Algorithm #1 (sum -r): 37486 2 patchSG0000825 Algorithm #2 (sum): 62783 2 patchSG0000825 MD5 checksum: 37D9840567CB48C58F43FA10A83E2CC0 Filename: patchSG0000825.eoe_man Algorithm #1 (sum -r): 51345 75 patchSG0000825.eoe1_man Algorithm #2 (sum): 13139 75 patchSG0000825.eoe1_man MD5 checksum: 7CB2968AB462CF3C4BBC78002F005EEF Filename: patchSG0000825.eoe1_sw Algorithm #1 (sum -r): 21533 381 patchSG0000825.eoe1_sw Algorithm #2 (sum): 18413 381 patchSG0000825.eoe1_sw MD5 checksum: 1BE858D769A51AA5A4D0754F03CC3124 Filename: patchSG0000825.idb Algorithm #1 (sum -r): 41651 4 patchSG0000825.idb Algorithm #2 (sum): 10648 4 patchSG0000825.idb MD5 checksum: 05B2D1CE3D9804F45CBDEFC27A53CAB5 - ----------------------------------------- - --- SGI Security Information/Contacts --- - ----------------------------------------- For obtaining security information, patches or assistance, please contact your SGI support provider. If there are questions about this document, email can be sent to cse-security-alert@csd.sgi.com . For reporting *NEW* SGI security issues, email can be sent to security-alert@sgi.com . -----BEGIN PGP SIGNATURE----- Version: 2.6 iQCVAwUBMJgGXLQ4cFApAP75AQFvjwP9HN8y6VVyJGtJCa29/pL5VsyZfCTiPVjb /AGtX0CZAQd6oFg5W103pWovwJ024q+G8HZJRMhcAUsTlmDzVwCUw2jj3jZZ384h 95uT59k4TkcE66cdO4ygrzNaqYpO6Y4eRVlpXexXg7zR/3d5fDqUFrO6rRJZmEdz IlPMzwVr4lg= =8V42 -----END PGP SIGNATURE-----