-----BEGIN PGP SIGNED MESSAGE-----

________________________________________________________________________________

                    Silicon Graphics Inc. Security Advisory

        Title:   Object Server Vulnerability
        Number:  19960101-03-P
        Date:    February 28, 1996
________________________________________________________________________________

Silicon Graphics provides this information freely to the SGI user community
for its consideration, interpretation, implementation and use. Silicon
Graphics recommends that this information be acted upon as soon as possible.

Silicon Graphics will not be liable for any indirect, special, or
consequential damages arising from the use of, failure to use or improper
use of any of the instructions or information in this Security Advisory.
________________________________________________________________________________

- --------------
- --- Update ---
- --------------

Patches for this issue have been reviewed and some changes have resulted.
Patch 1048 has been replaced by patch 1096 and patch 1151 has been generated
for IRIX 6.0.1. Briefly, the correct patch for each IRIX OS release is:

        IRIX 5.2                patch 1052
        IRIX 5.3, 5.3xfs        patch 1096
        IRIX 6.0                patch 1052
        IRIX 6.0.1              patch 1151
        IRIX 6.1                patch 1090

The information in the following sections has been updated to reflect these
changes.
________________________________________________________________________________

As part of Silicon Graphics' continued security improvement efforts, Silicon
Graphics has discovered a security vulnerability within the object server
program used in the IRIX 5.x and IRIX 6.x operating systems. SGI has
investigated this issue and recommends the following steps for neutralizing
the exposure. It is HIGHLY RECOMMENDED that these measures be implemented on
ALL SGI systems running IRIX 5.2, 5.3, 6.0, 6.0.1 and 6.1. This issue will be
corrected in future releases of IRIX.
- --------------
- --- Impact ---
- --------------

Provided with the correct network configuration and SGI environment, both
local and remote users may be able to become root on a targeted SGI system.

- ----------------
- --- Solution ---
- ----------------

The solution for this issue is a replacement of the object server program
and assistant programs for those versions that are vulnerable. The following
patches have been generated for those versions vulnerable and are freely
provided to the SGI community.

   **** IRIX 3.x ****

This version of IRIX is not vulnerable. No action is required.

   **** IRIX 4.x ****

This version of IRIX is not vulnerable. No action is required.

   **** IRIX 5.0.x, 5.1.x ****

For the IRIX operating systems versions 5.0.x, 5.1.x, an upgrade to 5.2 or
better is required first. When the upgrade is completed, then the patches
described in the sections below can be applied depending on the final
version of the upgrade.

   **** IRIX 5.2 and 6.0 ****

An inst-able patch has been generated for version 5.2 and 6.0 of the IRIX
operating system. This patch is available via anonymous FTP or from your
service or support provider. The patch is number 1052 and will only install
on IRIX version 5.2 and 6.0.

The SGI anonymous FTP sites are sgigate.sgi.com (204.94.209.1) and its
mirror, ftp.sgi.com.
Patch 1052 can be found in the following directories on the FTP server:

        ~ftp/Security

                or

        ~ftp/Patches/5.2
        ~ftp/Patches/6.0

                ##### Checksums ####

The actual patch will be a tar file containing the following files:

Filename:                 README.patch.1052
Algorithm #1 (sum -r):    16512 8 README.patch.1052
Algorithm #2 (sum):       59284 8 README.patch.1052
MD5 checksum:             4E8FA3A3305C68BC18EC52564C6B2AED

Filename:                 patchSG0001052
Algorithm #1 (sum -r):    51587 1 patchSG0001052
Algorithm #2 (sum):       32069 1 patchSG0001052
MD5 checksum:             E0E3487A8A36A8B854BD704E35CA7245

Filename:                 patchSG0001052.cadmin_sw
Algorithm #1 (sum -r):    63062 548 patchSG0001052.cadmin_sw
Algorithm #2 (sum):       51720 548 patchSG0001052.cadmin_sw
MD5 checksum:             E8612BF40C60DBC9D7A90FAC6F8EF102

Filename:                 patchSG0001052.idb
Algorithm #1 (sum -r):    07247 1 patchSG0001052.idb
Algorithm #2 (sum):       40615 1 patchSG0001052.idb
MD5 checksum:             580F688D98950F250BF47AC82EB91FFB

   **** IRIX 5.3 and 5.3xfs ****

An inst-able patch has been generated for version 5.3 and 5.3xfs of the IRIX
operating system. This patch is available via anonymous FTP or from your
service or support provider. The patch is number 1096 and will only install
on IRIX version 5.3 and 5.3xfs.

The SGI anonymous FTP sites are sgigate.sgi.com (204.94.209.1) and its
mirror, ftp.sgi.com.
Patch 1096 can be found in the following directories on the FTP server:

        ~ftp/Security

                or

        ~ftp/Patches/5.3

                ##### Checksums ####

The actual patch will be a tar file containing the following files:

Filename:                 patchSG0001096
Algorithm #1 (sum -r):    27580 4 patchSG0001096
Algorithm #2 (sum):       10141 4 patchSG0001096
MD5 checksum:             67FD0FFC4B88D6C6C16153F15E04A728

Filename:                 patchSG0001096.cadmin_sw
Algorithm #1 (sum -r):    43284 698 patchSG0001096.cadmin_sw
Algorithm #2 (sum):       32805 698 patchSG0001096.cadmin_sw
MD5 checksum:             AE50F283DB4523977CA5DC86424A7A9F

Filename:                 patchSG0001096.eoe1_sw
Algorithm #1 (sum -r):    34005 12 patchSG0001096.eoe1_sw
Algorithm #2 (sum):       51964 12 patchSG0001096.eoe1_sw
MD5 checksum:             EF675D434EF2DA6E63925EE0189E8304

Filename:                 patchSG0001096.eoe2_sw
Algorithm #1 (sum -r):    51272 132 patchSG0001096.eoe2_sw
Algorithm #2 (sum):       35501 132 patchSG0001096.eoe2_sw
MD5 checksum:             D7DE422E12B7A8F24A78D6B37D6EE56F

Filename:                 patchSG0001096.idb
Algorithm #1 (sum -r):    12205 2 patchSG0001096.idb
Algorithm #2 (sum):       10565 2 patchSG0001096.idb
MD5 checksum:             C3CCF4659B1C6B9DB5075E92C1449966

   **** IRIX 6.0 ****

See the above section, "**** IRIX 5.2 and 6.0 ****".

   **** IRIX 6.0.1 ****

An inst-able patch has been generated for version 6.0.1 of the IRIX
operating system. This patch is available via anonymous FTP or from your
service or support provider. The patch is number 1151 and will only install
on IRIX version 6.0.1.

The SGI anonymous FTP sites are sgigate.sgi.com (204.94.209.1) and its
mirror, ftp.sgi.com.
Patch 1151 can be found in the following directories on the FTP server:

        ~ftp/Security

                or

        ~ftp/Patches/6.0.1

                ##### Checksums ####

The actual patch will be a tar file containing the following files:

Filename:                 patchSG0001151
Algorithm #1 (sum -r):    23393 1 patchSG0001151
Algorithm #2 (sum):       31225 1 patchSG0001151
MD5 checksum:             00EE627EDC0864EF83B85AFAE7DFADD3

Filename:                 patchSG0001151.cadmin_sw
Algorithm #1 (sum -r):    08001 570 patchSG0001151.cadmin_sw
Algorithm #2 (sum):       36739 570 patchSG0001151.cadmin_sw
MD5 checksum:             28BA30316F6F1C916352F7602E4BAA3D

Filename:                 patchSG0001151.idb
Algorithm #1 (sum -r):    64006 1 patchSG0001151.idb
Algorithm #2 (sum):       40545 1 patchSG0001151.idb
MD5 checksum:             78F317DA248145538893A3D4DBC79D6F

   **** IRIX 6.1 ****

An inst-able patch has been generated for version 6.1 of the IRIX operating
system. This patch is available via anonymous FTP or from your service or
support provider. The patch is number 1090 and will only install on IRIX
version 6.1.

The SGI anonymous FTP sites are sgigate.sgi.com (204.94.209.1) and its
mirror, ftp.sgi.com.
Patch 1090 can be found in the following directories on the FTP server:

        ~ftp/Security

                or

        ~ftp/Patches/6.1

                ##### Checksums ####

The actual patch will be a tar file containing the following files:

Filename:                 README.patch.1090
Algorithm #1 (sum -r):    28420 8 README.patch.1090
Algorithm #2 (sum):       59862 8 README.patch.1090
MD5 checksum:             7CA042E478210D2E90A93F9B71D31455

Filename:                 patchSG0001090
Algorithm #1 (sum -r):    38512 1 patchSG0001090
Algorithm #2 (sum):       37227 1 patchSG0001090
MD5 checksum:             7A266E0BFCE18322F7034BB4520C6824

Filename:                 patchSG0001090.cadmin_sw
Algorithm #1 (sum -r):    45703 689 patchSG0001090.cadmin_sw
Algorithm #2 (sum):       29950 689 patchSG0001090.cadmin_sw
MD5 checksum:             9EB38D49CDDF439EE1110797FEC5BC6B

Filename:                 patchSG0001090.idb
Algorithm #1 (sum -r):    46990 1 patchSG0001090.idb
Algorithm #2 (sum):       40298 1 patchSG0001090.idb
MD5 checksum:             05E8F138BF0331BFEF8454074519F40A

- ------------------------
- --- Acknowledgments ---
- ------------------------

Silicon Graphics wishes to thank Kari E. Hurtta, FIRST members and CERT
organizations worldwide for their assistance in this matter.

- -----------------------------------------
- --- SGI Security Information/Contacts ---
- -----------------------------------------

Past SGI Advisories and security patches can be obtained via anonymous FTP
from sgigate.sgi.com or its mirror, ftp.sgi.com. These security patches and
advisories are provided freely to all interested parties.

For issues with the patches on the FTP sites, email can be sent to
cse-security-alert@csd.sgi.com.

For assistance obtaining or working with security patches, please contact
your SGI support provider.

If there are questions about this document, email can be sent to
cse-security-alert@csd.sgi.com.

For reporting *NEW* SGI security issues, email can be sent to
security-alert@sgi.com or contact your SGI support provider. A support
contract is not required for submitting a security report.
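Each checksum block above publishes three independent values per file (BSD `sum -r`, System V `sum`, and MD5) so that a downloaded patch can be checked before `inst` is run on it. The following script is an added example, not part of the SGI advisory and not an SGI tool: it parses a checksum block written in the advisory's own "Filename / Algorithm #1 / Algorithm #2 / MD5 checksum" layout and recomputes all three values over the downloaded bytes. The BSD and System V checksum routines follow the classic `sum` algorithms; `SAMPLE_MANIFEST` is constructed here from two of the patch 1052 entries above, and `verify_file` / the `__main__` block are assumed names for the caller's convenience.

```python
"""Recompute the three checksums an SGI advisory publishes for each patch file."""
import hashlib
import re
import sys

# Constructed sample in the advisory's checksum layout; the values are the ones
# the advisory prints for two of the patch 1052 files.
SAMPLE_MANIFEST = """
Filename:                 patchSG0001052
Algorithm #1 (sum -r):    51587 1 patchSG0001052
Algorithm #2 (sum):       32069 1 patchSG0001052
MD5 checksum:             E0E3487A8A36A8B854BD704E35CA7245

Filename:                 patchSG0001052.idb
Algorithm #1 (sum -r):    07247 1 patchSG0001052.idb
Algorithm #2 (sum):       40615 1 patchSG0001052.idb
MD5 checksum:             580F688D98950F250BF47AC82EB91FFB
"""

# Whitespace-insensitive so it also handles advisories whose line breaks were
# lost in transit (mailing-list archives, web mirrors).
ENTRY_RE = re.compile(
    r"Filename:\s*(?P<name>\S+)\s*"
    r"Algorithm #1 \(sum -r\):\s*(?P<bsd>\d+)\s+(?P<bsd_blocks>\d+)\s+\S+\s*"
    r"Algorithm #2 \(sum\):\s*(?P<sysv>\d+)\s+(?P<sysv_blocks>\d+)\s+\S+\s*"
    r"MD5 checksum:\s*(?P<md5>[0-9A-Fa-f]{32})"
)


def parse_manifest(text):
    """Return one dict per file: name, (sum -r value, blocks), (sum value, blocks), md5."""
    entries = []
    for m in ENTRY_RE.finditer(text):
        entries.append({
            "name": m.group("name"),
            "bsd": (int(m.group("bsd")), int(m.group("bsd_blocks"))),
            "sysv": (int(m.group("sysv")), int(m.group("sysv_blocks"))),
            "md5": m.group("md5").lower(),
        })
    return entries


def bsd_sum(data):
    """'sum -r': 16-bit right-rotate-and-add checksum, block count in 1024-byte units."""
    c = 0
    for b in data:
        c = ((c >> 1) + ((c & 1) << 15) + b) & 0xFFFF
    return c, (len(data) + 1023) // 1024


def sysv_sum(data):
    """'sum' (System V): 32-bit byte total folded twice to 16 bits, 512-byte blocks."""
    s = sum(data) & 0xFFFFFFFF
    r = (s & 0xFFFF) + (s >> 16)
    return (r & 0xFFFF) + (r >> 16), (len(data) + 511) // 512


def md5_hex(data):
    """Lower-case hex MD5, matching the advisory's digest after case folding."""
    return hashlib.md5(data).hexdigest()


def verify_bytes(data, entry):
    """Compare file contents against a manifest entry; one verdict per algorithm."""
    return {
        "sum -r": bsd_sum(data) == entry["bsd"],
        "sum": sysv_sum(data) == entry["sysv"],
        "md5": md5_hex(data) == entry["md5"],
    }


def verify_file(path, entry):
    """Read a downloaded patch file and check it against its manifest entry."""
    with open(path, "rb") as fh:
        return verify_bytes(fh.read(), entry)


if __name__ == "__main__":
    # Usage: python verify_sgi_patch.py patchSG0001052 patchSG0001052.idb
    manifest = {e["name"]: e for e in parse_manifest(SAMPLE_MANIFEST)}
    status = 0
    for path in sys.argv[1:]:
        name = path.rsplit("/", 1)[-1]
        if name not in manifest:
            print(f"{name}: not listed in manifest")
            status = 1
            continue
        result = verify_file(path, manifest[name])
        print(f"{name}: " + ", ".join(f"{k}={'ok' if v else 'MISMATCH'}" for k, v in result.items()))
        if not all(result.values()):
            status = 1
    sys.exit(status)
```

All three values should agree; a file that matches `sum -r` but not MD5 is the case worth investigating, since the two 16-bit sums are trivial to collide and only the MD5 carries real weight. Note that `sum` output differs between BSD and System V systems, which is why the advisory labels the two algorithms explicitly.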
-----BEGIN PGP SIGNATURE-----
Version: 2.6

iQCVAwUBMTX+8LQ4cFApAP75AQE/ygP8DH/oGuWdQUoYNtO8iJ/RSCzoauUBdA3b
zOHirSf+7KNY1HSsQfxej4JpI71OHI9Gbui/LCke8rSSkYzTfy0Qq9Pec7iu9+Hn
vEytQcnyGnm2rqDiyHPpyd+a6SodNTlxoL8VBRwXqKFe6S3dsT6SFeGSi3L4kbVO
Eu5sgXvN6PQ=
=O50N
-----END PGP SIGNATURE-----