-----BEGIN PGP SIGNED MESSAGE----- ________________________________________________________________________________ Silicon Graphics Inc. Security Advisory Title: Object Server Vulnerability Number: 19960101-01-PX Date: January 3, 1996 ________________________________________________________________________________ Silicon Graphics provides this information freely to the SGI community for its consideration, interpretation and implementation. Silicon Graphics recommends that this information be acted upon as soon as possible. Silicon Graphics will not be liable for any consequential damages arising from the use of, or failure to use or use properly, any of the instructions or information in this Security Advisory. ________________________________________________________________________________ As part of Silicon Graphics continued security improvement efforts, Silicon Graphics has discovered a security vulnerability within the object server program used in the IRIX 5.x and IRIX 6.x operating systems. SGI has investigated this issue and recommends the following steps for neutralizing the exposure. It is HIGHLY RECOMMENDED that these measures be implemented on ALL SGI systems running IRIX 5.2, 5.3, 6.0, 6.0.1 and 6.1. This issue will be corrected in future releases of IRIX. - -------------- - --- Impact --- - -------------- Provided with the correct network configuration and SGI environment, both local and remote users may be able to become root on a targeted SGI system. - ---------------- - --- Solution --- - ---------------- The solution for this issue is a replacement of the object server program and assistant programs for those versions that are vulnerable. The following patches have been generated for those versions vulnerable and are freely provided to the SGI community. **** IRIX 3.x **** This version of IRIX is not vulnerable. No action is required. **** IRIX 4.x **** This version of IRIX is not vulnerable. No action is required. **** IRIX 5.0.x, 5.1.x **** For the IRIX operating systems versions 5.0.x, 5.1.x, an upgrade to 5.2 or better is required first. When the upgrade is completed, then the patches described in the next sections "**** IRIX 5.2, 6.0, 6.0.1 ***" or "**** IRIX 5.3 ****" or "**** IRIX 6.1 ****" can be applied depending on the final version of upgrade. **** IRIX 5.2, 6.0, 6.0.1 **** For the IRIX operating system versions 5.2, 6.0, and 6.0.1, an inst-able patch has been generated and made available via anonymous ftp and/or your service/support provider. The patch is number 1052 and will only install on IRIX versions 5.2, 6.0, and 6.0.1 . The SGI anonymous ftp site is sgigate.sgi.com (204.94.209.1). Patch 1052 can be found in the following directories on the ftp server: ~ftp/Security or ~ftp/Patches/5.2 ~ftp/Patches/6.0 ~ftp/Patches/6.0.1 ##### Checksums #### The actual patch will be a tar file containing the following files: Filename: README.patch.1052 Algorithm #1 (sum -r): 16512 8 README.patch.1052 Algorithm #2 (sum): 59284 8 README.patch.1052 MD5 checksum: 4E8FA3A3305C68BC18EC52564C6B2AED Filename: patchSG0001052 Algorithm #1 (sum -r): 51587 1 patchSG0001052 Algorithm #2 (sum): 32069 1 patchSG0001052 MD5 checksum: E0E3487A8A36A8B854BD704E35CA7245 Filename: patchSG0001052.cadmin_sw Algorithm #1 (sum -r): 63062 548 patchSG0001052.cadmin_sw Algorithm #2 (sum): 51720 548 patchSG0001052.cadmin_sw MD5 checksum: E8612BF40C60DBC9D7A90FAC6F8EF102 Filename: patchSG0001052.idb Algorithm #1 (sum -r): 07247 1 patchSG0001052.idb Algorithm #2 (sum): 40615 1 patchSG0001052.idb MD5 checksum: 580F688D98950F250BF47AC82EB91FFB **** IRIX 5.3 **** For the 5.3 IRIX operating system, an inst-able patch has been generated and made available via anonymous ftp and/or your service/support provider. The patch is number 1048 and will only install on IRIX 5.3 . The SGI anonymous ftp site is sgigate.sgi.com (204.94.209.1). Patch 1048 can be found in the following directories on the ftp server: ~ftp/Security or ~ftp/Patches/5.3 ##### Checksums #### The actual patch will be a tar file containing the following files: Filename: README.patch.1048 Algorithm #1 (sum -r): 37177 9 README.patch.1048 Algorithm #2 (sum): 1825 9 README.patch.1048 MD5 checksum: D0CE2B1132B417F3B9215AA9F85CA073 Filename: patchSG0001048 Algorithm #1 (sum -r): 42189 4 patchSG0001048 Algorithm #2 (sum): 56038 4 patchSG0001048 MD5 checksum: 456BF186B65A56EA413E9E7AD4BDE17A Filename: patchSG0001048.cadmin_sw Algorithm #1 (sum -r): 47788 698 patchSG0001048.cadmin_sw Algorithm #2 (sum): 55041 698 patchSG0001048.cadmin_sw MD5 checksum: 7E3239ED9F110567B02176EC16B93F94 Filename: patchSG0001048.eoe1_sw Algorithm #1 (sum -r): 53666 12 patchSG0001048.eoe1_sw Algorithm #2 (sum): 30809 12 patchSG0001048.eoe1_sw MD5 checksum: 32F087EB64444279DF865D104664BE47 Filename: patchSG0001048.eoe2_sw Algorithm #1 (sum -r): 01942 132 patchSG0001048.eoe2_sw Algorithm #2 (sum): 33035 132 patchSG0001048.eoe2_sw MD5 checksum: E5242DE17431D40BC5FCD49925BE3283 Filename: patchSG0001048.idb Algorithm #1 (sum -r): 37645 2 patchSG0001048.idb Algorithm #2 (sum): 10420 2 patchSG0001048.idb MD5 checksum: 460C69356D5AA920978F7A9FF49A4612 **** IRIX 6.1 **** For the IRIX operating system version 6.1, an inst-able patch has been generated and made available via anonymous ftp and/or your service/support provider. The patch is number 1090 and will install on IRIX 6.1 . The SGI anonymous ftp site is sgigate.sgi.com (204.94.209.1). Patch 1090 can be found in the following directories on the ftp server: ~ftp/Security or ~ftp/Patches/6.1 ##### Checksums #### The actual patch will be a tar file containing the following files: Filename: README.patch.1090 Algorithm #1 (sum -r): 28420 8 README.patch.1090 Algorithm #2 (sum): 59862 8 README.patch.1090 MD5 checksum: 7CA042E478210D2E90A93F9B71D31455 Filename: patchSG0001090 Algorithm #1 (sum -r): 38512 1 patchSG0001090 Algorithm #2 (sum): 37227 1 patchSG0001090 MD5 checksum: 7A266E0BFCE18322F7034BB4520C6824 Filename: patchSG0001090.cadmin_sw Algorithm #1 (sum -r): 45703 689 patchSG0001090.cadmin_sw Algorithm #2 (sum): 29950 689 patchSG0001090.cadmin_sw MD5 checksum: 9EB38D49CDDF439EE1110797FEC5BC6B Filename: patchSG0001090.idb Algorithm #1 (sum -r): 46990 1 patchSG0001090.idb Algorithm #2 (sum): 40298 1 patchSG0001090.idb MD5 checksum: 05E8F138BF0331BFEF8454074519F40A - ------------------------ - --- Acknowledgments --- - ------------------------ Silicon Graphics wishes to thank Kari E. Hurtta, FIRST members and CERT organizations worldwide for their assistance in this matter. - ----------------------------------------- - --- SGI Security Information/Contacts --- - ----------------------------------------- Past SGI Advisories and security patches can be obtained via anonymous FTP from sgigate.sgi.com or mirror site ftp.sgi.com . These security patches and advisories are provided freely to all interested parties. For issues with the patches on the FTP sites, email can be sent to cse-security-alert@csd.sgi.com . For assistance obtaining or working with security patches, please contact your SGI support provider. If there are questions about this document, email can be sent to cse-security-alert@csd.sgi.com . For reporting *NEW* SGI security issues, email can be sent to security-alert@sgi.com or contacting your SGI support provider. -----BEGIN PGP SIGNATURE----- Version: 2.6 iQCVAwUBMOsB8rQ4cFApAP75AQFOlQP7Bgk7XFq+eXF9BxcaR2RBN1i7qJq/tVqh eMoswM9E55sRKgQa0pzjnpXjTcr0lgBfnof+PvQ5zmDGK9f/AQ+RcjagHtm4+3rC zvTzZd9epcAaLI5ylOx6AISWw9tBAwrL+FVtadQmvApEOW/9UcsyEedNO8gVI8hq gAwBxwRhSIk= =LA2k -----END PGP SIGNATURE-----