___________________________________________________________________________
Silicon Graphics Inc. Security Advisory

Title: Object Server Vulnerability
Number: 19960101-03-P
Date: February 28, 1996
___________________________________________________________________________

Silicon Graphics provides this information freely to the SGI user community
for its consideration, interpretation, implementation and use. Silicon
Graphics recommends that this information be acted upon as soon as possible.

Silicon Graphics will not be liable for any indirect, special, or
consequential damages arising from the use of, failure to use or improper
use of any of the instructions or information in this Security Advisory.
___________________________________________________________________________

--------------
--- Update ---
--------------

Patches for this issue have been reviewed and some changes have resulted.
Patch 1048 has been replaced by patch 1096 and patch 1151 has been
generated for IRIX 6.0.1. Briefly, the correct patch for each IRIX OS
release is:

    IRIX 5.2            patch 1052
    IRIX 5.3, 5.3xfs    patch 1096
    IRIX 6.0            patch 1052
    IRIX 6.0.1          patch 1151
    IRIX 6.1            patch 1090

The information in the following sections has been updated
to reflect these changes.
___________________________________________________________________________

As part of Silicon Graphics continued security improvement efforts, Silicon
Graphics has discovered a security vulnerability within the object server
program used in the IRIX 5.x and IRIX 6.x operating systems. SGI has
investigated this issue and recommends the following steps for neutralizing
the exposure. It is HIGHLY RECOMMENDED that these measures be implemented
on ALL SGI systems running IRIX 5.2, 5.3, 6.0, 6.0.1 and 6.1. This issue
will be corrected in future releases of IRIX.

--------------
--- Impact ---
--------------

Provided with the correct network configuration and SGI environment, both
local and remote users may be able to become root on a targeted SGI system.

----------------
--- Solution ---
----------------

The solution for this issue is a replacement of the object server program
and assistant programs for those versions that are vulnerable. The
following patches have been generated for those versions vulnerable and
are freely provided to the SGI community.

**** IRIX 3.x ****

This version of IRIX is not vulnerable. No action is required.

**** IRIX 4.x ****

This version of IRIX is not vulnerable. No action is required.

**** IRIX 5.0.x, 5.1.x ****

For the IRIX operating systems versions 5.0.x, 5.1.x, an upgrade
to 5.2 or better is required first. When the upgrade is completed,
then the patches described in the sections below can be applied
depending on the final version of the upgrade.

**** IRIX 5.2 and 6.0 ****

An inst-able patch has been generated for version 5.2 and 6.0 of the
IRIX operating system. This patch is available via anonymous FTP or
from your service or support provider. The patch is number 1052 and
will only install on IRIX version 5.2 and 6.0.

The SGI anonymous FTP sites are sgigate.sgi.com (204.94.209.1) and
its mirror, ftp.sgi.com. Patch 1052 can be found in the following
directories on the FTP server:

    ~ftp/Security or ~ftp/Patches/5.2
                     ~ftp/Patches/6.0

##### Checksums ####

The actual patch will be a tar file containing the following files:

Filename: README.patch.1052
Algorithm #1 (sum -r): 16512 8 README.patch.1052
Algorithm #2 (sum): 59284 8 README.patch.1052
MD5 checksum: 4E8FA3A3305C68BC18EC52564C6B2AED

Filename: patchSG0001052
Algorithm #1 (sum -r): 51587 1 patchSG0001052
Algorithm #2 (sum): 32069 1 patchSG0001052
MD5 checksum: E0E3487A8A36A8B854BD704E35CA7245

Filename: patchSG0001052.cadmin_sw
Algorithm #1 (sum -r): 63062 548 patchSG0001052.cadmin_sw
Algorithm #2 (sum): 51720 548 patchSG0001052.cadmin_sw
MD5 checksum: E8612BF40C60DBC9D7A90FAC6F8EF102

Filename: patchSG0001052.idb
Algorithm #1 (sum -r): 07247 1 patchSG0001052.idb
Algorithm #2 (sum): 40615 1 patchSG0001052.idb
MD5 checksum: 580F688D98950F250BF47AC82EB91FFB

**** IRIX 5.3 and 5.3xfs, ****

An inst-able patch has been generated for version 5.3 and 5.3xfs of the
IRIX operating system. This patch is available via anonymous FTP or
from your service or support provider. The patch is number 1096 and
will only install on IRIX version 5.3 and 5.3xfs.

The SGI anonymous FTP sites are sgigate.sgi.com (204.94.209.1) and
its mirror, ftp.sgi.com. Patch 1096 can be found in the following
directories on the FTP server:

    ~ftp/Security or ~ftp/Patches/5.3

##### Checksums ####

The actual patch will be a tar file containing the following files:

Filename: patchSG0001096
Algorithm #1 (sum -r): 27580 4 patchSG0001096
Algorithm #2 (sum): 10141 4 patchSG0001096
MD5 checksum: 67FD0FFC4B88D6C6C16153F15E04A728

Filename: patchSG0001096.cadmin_sw
Algorithm #1 (sum -r): 43284 698 patchSG0001096.cadmin_sw
Algorithm #2 (sum): 32805 698 patchSG0001096.cadmin_sw
MD5 checksum: AE50F283DB4523977CA5DC86424A7A9F

Filename: patchSG0001096.eoe1_sw
Algorithm #1 (sum -r): 34005 12 patchSG0001096.eoe1_sw
Algorithm #2 (sum): 51964 12 patchSG0001096.eoe1_sw
MD5 checksum: EF675D434EF2DA6E63925EE0189E8304

Filename: patchSG0001096.eoe2_sw
Algorithm #1 (sum -r): 51272 132 patchSG0001096.eoe2_sw
Algorithm #2 (sum): 35501 132 patchSG0001096.eoe2_sw
MD5 checksum: D7DE422E12B7A8F24A78D6B37D6EE56F

Filename: patchSG0001096.idb
Algorithm #1 (sum -r): 12205 2 patchSG0001096.idb
Algorithm #2 (sum): 10565 2 patchSG0001096.idb
MD5 checksum: C3CCF4659B1C6B9DB5075E92C1449966

**** IRIX 6.0 ****

See the above section, "**** IRIX 5.2 and 6.0 ****".

**** IRIX 6.0.1 ****

An inst-able patch has been generated for version 6.0.1 of the
IRIX operating system. This patch is available via anonymous FTP or
from your service or support provider. The patch is number 1151 and
will only install on IRIX version 6.0.1.

The SGI anonymous FTP sites are sgigate.sgi.com (204.94.209.1) and
its mirror, ftp.sgi.com. Patch 1151 can be found in the following
directories on the FTP server:

    ~ftp/Security or ~ftp/Patches/6.0.1

##### Checksums ####

The actual patch will be a tar file containing the following files:

Filename: patchSG0001151
Algorithm #1 (sum -r): 23393 1 patchSG0001151
Algorithm #2 (sum): 31225 1 patchSG0001151
MD5 checksum: 00EE627EDC0864EF83B85AFAE7DFADD3

Filename: patchSG0001151.cadmin_sw
Algorithm #1 (sum -r): 08001 570 patchSG0001151.cadmin_sw
Algorithm #2 (sum): 36739 570 patchSG0001151.cadmin_sw
MD5 checksum: 28BA30316F6F1C916352F7602E4BAA3D

Filename: patchSG0001151.idb
Algorithm #1 (sum -r): 64006 1 patchSG0001151.idb
Algorithm #2 (sum): 40545 1 patchSG0001151.idb
MD5 checksum: 78F317DA248145538893A3D4DBC79D6F

**** IRIX 6.1 ****

An inst-able patch has been generated for version 6.1 of the
IRIX operating system. This patch is available via anonymous FTP or
from your service or support provider. The patch is number 1090 and
will only install on IRIX version 6.1.

The SGI anonymous FTP sites are sgigate.sgi.com (204.94.209.1) and
its mirror, ftp.sgi.com. Patch 1090 can be found in the following
directories on the FTP server:

    ~ftp/Security or ~ftp/Patches/6.1

##### Checksums ####

The actual patch will be a tar file containing the following files:

Filename: README.patch.1090
Algorithm #1 (sum -r): 28420 8 README.patch.1090
Algorithm #2 (sum): 59862 8 README.patch.1090
MD5 checksum: 7CA042E478210D2E90A93F9B71D31455

Filename: patchSG0001090
Algorithm #1 (sum -r): 38512 1 patchSG0001090
Algorithm #2 (sum): 37227 1 patchSG0001090
MD5 checksum: 7A266E0BFCE18322F7034BB4520C6824

Filename: patchSG0001090.cadmin_sw
Algorithm #1 (sum -r): 45703 689 patchSG0001090.cadmin_sw
Algorithm #2 (sum): 29950 689 patchSG0001090.cadmin_sw
MD5 checksum: 9EB38D49CDDF439EE1110797FEC5BC6B

Filename: patchSG0001090.idb
Algorithm #1 (sum -r): 46990 1 patchSG0001090.idb
Algorithm #2 (sum): 40298 1 patchSG0001090.idb
MD5 checksum: 05E8F138BF0331BFEF8454074519F40A

------------------------
--- Acknowledgments ---
------------------------

Silicon Graphics wishes to thank Kari E. Hurtta, FIRST members and
CERT organizations worldwide for their assistance in this matter.

-----------------------------------------
--- SGI Security Information/Contacts ---
-----------------------------------------

Past SGI Advisories and security patches can be obtained via
anonymous FTP from sgigate.sgi.com or its mirror, ftp.sgi.com.
These security patches and advisories are provided freely to
all interested parties. For issues with the patches on the
FTP sites, email can be sent to cse-security-al...@csd.sgi.com.

For assistance obtaining or working with security patches, please
contact your SGI support provider.

If there are questions about this document, email can be sent to
cse-security-al...@csd.sgi.com.

For reporting *NEW* SGI security issues, email can be sent to
security-al...@sgi.com or contact your SGI support provider. A
support contract is not required for submitting a security report.
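The "Checksums" sections above list three values per patch file. The following Python sketch is an added example, not part of the SGI advisory or any SGI tool: it parses entries in that layout and recomputes all three values for a downloaded file. The function names are hypothetical, and it assumes that `sum -r` is the BSD rotating checksum, that plain `sum` is the System V byte sum, and that both count 512-byte blocks.

```python
import hashlib
import re
BLOCK = 512  # assumption: IRIX `sum` reports 512-byte blocks for both algorithms
FIELD = re.compile(r"(Algorithm #1 \(sum -r\)|Algorithm #2 \(sum\)|MD5 checksum):\s*(.+)")

def bsd_sum(data):
    """Rotating 16-bit checksum (assumed algorithm behind `sum -r`)."""
    c = 0
    for b in data:
        c = (c >> 1) | ((c & 1) << 15)  # rotate right by one bit
        c = (c + b) & 0xFFFF
    return c

def sysv_sum(data):
    """Sum of all bytes folded to 16 bits (assumed algorithm behind `sum`)."""
    s = sum(data) & 0xFFFFFFFF
    r = (s & 0xFFFF) + (s >> 16)
    return (r & 0xFFFF) + (r >> 16)

def parse_advisory(text):
    """Map filename -> {"sum -r": (cksum, blocks), "sum": (...), "md5": hex}."""
    out, current = {}, None
    for line in map(str.strip, text.splitlines()):
        if line.startswith("Filename:"):
            current = out.setdefault(line.split(":", 1)[1].strip(), {})
        m = FIELD.match(line)
        if m and current is not None:
            value = m.group(2).split()
            if m.group(1).startswith("MD5"):
                current["md5"] = value[0].lower()
            else:
                key = "sum -r" if "-r" in m.group(1) else "sum"
                current[key] = (int(value[0]), int(value[1]))
    return out

def mismatches(data, expected):
    """Return the names of the listed checks that the file contents fail."""
    nblocks = -(-len(data) // BLOCK)  # ceiling division
    actual = {"sum -r": (bsd_sum(data), nblocks),
              "sum": (sysv_sum(data), nblocks),
              "md5": hashlib.md5(data).hexdigest()}
    return [k for k, v in expected.items() if actual[k] != v]

# Constructed entry for the 3-byte file b"abc", written in the advisory's layout.
SAMPLE = """\
Filename: demo.txt
Algorithm #1 (sum -r): 16556 1 demo.txt
Algorithm #2 (sum): 294 1 demo.txt
MD5 checksum: 900150983CD24FB0D6963F7D28E17F72"""
```

An empty list from `mismatches(open(path, "rb").read(), parse_advisory(text)[name])` means the file agrees with every value listed for it.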