WorldView vulnerability on IRIX

2002-08-22T00:00:00
ID SECURITYVULNS:DOC:3402
Type securityvulns
Reporter Securityvulns
Modified 2002-08-22T00:00:00

Description

-----BEGIN PGP SIGNED MESSAGE-----


                       SGI Security Advisory

     Title:  WorldView vulnerability
    Number:  20000803-01-P
      Date:  August 21, 2002
 Reference:  SGI Security Advisory 20000803-01-A
 Reference:  CVE CAN-2000-0704


--- Issue Specifics ---

This bulletin is a followup to SGI Security Bulletin 20000803-01-A.

There is a root buffer overflow vulnerability in WorldView reported by Shadow Penguin Security Org. on the FreeWnn Mailing List: http://www.tomo.gr.jp/users/wnn/0008ml/msg00000.html (in Japanese) and also reported by Omron Software on http://www.omronsoft.co.jp/SP/support/pcunix/wnn/update1.html (in Japanese)

Besides the issues discussed in 20000803-01-A, there is an additional vulnerability that is addressed by this advisory and the fixes noted herein.

WorldView is an optional purchased product used by SGI customers that require foreign language support in IRIX. It is not installed by default on base IRIX. Only SGI systems that have WorldView Japanese, Korean, and Chinese installed are vulnerable to these issues.

The WorldView vulnerability can lead to root access through a buffer overflow exploit. SGI has investigated the issue and recommends the following steps for neutralizing the exposure.

The workaround involves changing ownership of the [jks]server to a non-privileged user (see detail below). It is HIGHLY RECOMMENDED that these measures be implemented on ALL vulnerable SGI systems.

These issues have been corrected with patches and in future releases of IRIX.


--- Impact ---

The WorldView package is not installed by default on IRIX 6.5 systems.

To determine the version of IRIX you are running, execute the following command:

# uname -R

That will return a result similar to the following:

# 6.5 6.5.16f

The first number ("6.5") is the release name, the second ("6.5.16f" in this case) is the extended release name. The extended release name is the "version" we refer to throughout this document.

To see if WorldView is installed, execute the following command:

# versions -b | grep WorldView

 I  WorldView_base_jp    05/06/1998  WorldView Base Japanese 6.5
 I  WorldView_books_jp   05/06/1998  WorldView Books: Japanese 6.5
 I  WorldView_fonts_jp1  05/06/1998  WorldView Fonts Japanese, 6.5
 I  WorldView_japanese   05/06/1998  WorldView Japanese 6.5

If the output is similar to that shown above, then WorldView is installed and the system may be vulnerable.

This vulnerability was assigned the following CVE: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0704


--- Temporary Workaround ---

SGI understands that there are times when upgrading the operating system or installing patches is inconvenient or not possible. In those instances, we recommend the following workaround:

Japanese:

o Step 1: Become the root user on the system.

          % /bin/su -
          Password:
          #

o Step 2: Verify WorldView is installed as shown above. Only systems that have WorldView installed are vulnerable.

o Step 3: If WorldView is not currently needed, disable the jserver.

          # chkconfig jserver off

   Note: This will disable Japanese character input support.

o Step 3: Add the following lines to the files /etc/passwd and /etc/group with a text editor like vi.

   /etc/passwd:

            wnn:*:127:127:Wnn System Account:/usr/lib/wnn6:/bin/sh

   /etc/group:

            wnn:*:127

o Step 4: Change the owner of the WNN related files.

          # chown -R wnn.sys /usr/bin/Wnn6
          # chown -R wnn.sys /usr/lib/wnn6

o Step 5: Verify that the file ownership changes have been made.

          # ls -ls /usr/bin/Wnn6/jserver
          1136 -r-sr-xr-x    1 wnn      sys       578660

          # ls -ls /usr/lib/wnn6/serverdefs
          8 -rw-r--r--    1 wnn      sys          662

o Step 6: Reboot the system.

          # reboot

Korean:

o Step 1: Become the root user on the system and disable kserver

       (Example)
       % /bin/su
       Password:
       #
       # /etc/init.d/kserver stop

o Step 2: Add the following lines to the files /etc/passwd and /etc/group with a text editor like vi.

       /etc/passwd:
       wnn:*:127:127:Wnn System Account:/usr/lib/wnn:/bin/sh

       /etc/group:
       wnn:*:127

o Step 3: Change the owner of Wnn related files.

       # chown -R wnn.sys /usr/bin/kWnn4
       # chown -R wnn.sys /usr/lib/wnn

o Step 4: Verify that the file ownership changes have been made.

       (Example)
       # ls -ls /usr/bin/kWnn4/kserver

       1136 -r-sr-xr-x    1 wnn     sys       578660 Aug 14 15:24

       # ls -ls /usr/lib/wnn/serverdefs

       8 -rw-r--r--    1 wnn     sys       662 Aug 14 15:25

o Step 5: Reboot the system or restart kserver.

       (Example)
       # /etc/init.d/kserver start
       # reboot

       You may also refer to the file
       /usr/bin/kWnn4/add_wnn_account.sh which is created
       during installation. Furthermore, for server machines,
       especially those not protected by a firewall, that do
       not require Korean character input, please execute the
       following command and then reboot the system.

       # chkconfig kserver off

Chinese:

o Step 1: Become the root user on the system and disable cserver

       (Example)
       % /bin/su
       Password:
       #
       # /etc/init.d/cserver stop

o Step 2: Add the following lines to the files /etc/passwd and /etc/group with a text editor like vi.

       /etc/passwd:

       wnn:*:127:127:Wnn System Account:/usr/lib/wnn:/bin/sh

       /etc/group:

       wnn:*:127

o Step 3: Change the owner of Wnn related files.

       # chown -R wnn.sys /usr/bin/cWnn4
       # chown -R wnn.sys /usr/lib/wnn

o Step 4: Verify that the file ownership changes have been made.

       (Example)
       # ls -ls /usr/bin/cWnn4/cserver

       1136 -r-sr-xr-x    1 wnn     sys       578660 Aug 14 15:24

       # ls -ls /usr/lib/wnn/serverdefs

       8 -rw-r--r--    1 wnn     sys       662 Aug 14 15:25

o Step 5: Reboot the system or restart cserver.

       (Example)
       # /etc/init.d/cserver start

       # reboot

       You may also refer to the file
       /usr/bin/cWnn4/add_wnn_account.sh which is created
       during installation. Furthermore, for server machines,
       especially those not protected by a firewall, that do
       not require Chinese character input, please execute
       the following command and then reboot the system.

       # chkconfig cserver off
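
A check for the ownership and verification steps of the workaround above, as an added example that is not part of the SGI advisory: it reads saved `ls -ls` lines and the `wnn` passwd entry and reports whether a setuid Wnn server is still owned by root. The function names, verdict strings and sample listing are assumptions of this example, as is treating a root-owned setuid server as the unremediated state.

```shell
#!/bin/sh
# Added example (not SGI's code): audit the Wnn ownership workaround from
# saved `ls -ls` output and the wnn line of /etc/passwd.

# classify_ls_line LINE -> OK | EXPOSED | NOSUID | UNPARSED
# Only field 2 (mode) and field 4 (owner) are read, so the line may or may
# not carry the trailing date and file name.
classify_ls_line() {
    set -f; set -- $1; set +f          # split on whitespace, no globbing
    mode=$2
    owner=$4
    case $mode in
        [-dl]?????????*) ;;            # looks like an ls mode string
        *) echo UNPARSED; return 0 ;;
    esac
    case $mode in
        ???[sS]*)                      # 4th mode character carries setuid
            # Assumption: a setuid server still owned by root is the
            # state the workaround is meant to remove.
            if [ "$owner" = root ]; then echo EXPOSED; else echo OK; fi ;;
        *) echo NOSUID ;;
    esac
}

# check_wnn_account LINE -> OK | BAD
# LINE is the wnn entry from /etc/passwd. OK means: account name wnn,
# password field "*" (no login), numeric non-zero UID.
check_wnn_account() (
    IFS=:                              # subshell body, so IFS is not leaked
    set -f; set -- $1
    case $3 in ''|0|*[!0-9]*) uid_ok=no ;; *) uid_ok=yes ;; esac
    if [ "$1" = wnn ] && [ "$2" = '*' ] && [ "$uid_ok" = yes ]; then
        echo OK
    else
        echo BAD
    fi
)

# audit_listing: read `ls -ls` lines on stdin, print "verdict<TAB>line",
# return 1 if any line is EXPOSED or UNPARSED.
audit_listing() {
    rc=0
    while IFS= read -r line; do
        [ -n "$line" ] || continue
        verdict=$(classify_ls_line "$line")
        printf '%s\t%s\n' "$verdict" "$line"
        case $verdict in EXPOSED|UNPARSED) rc=1 ;; esac
    done
    return $rc
}

# Constructed sample listing: first line after the workaround, second line
# with the server still owned by root.
audit_listing <<'EOF' || echo "workaround incomplete on at least one file"
1136 -r-sr-xr-x    1 wnn      sys       578660 Aug 14 15:24 /usr/bin/kWnn4/kserver
1136 -r-sr-xr-x    1 root     sys       578660 Aug 14 15:24 /usr/bin/cWnn4/cserver
   8 -rw-r--r--    1 wnn      sys          662 Aug 14 15:25 /usr/lib/wnn/serverdefs
EOF
check_wnn_account 'wnn:*:127:127:Wnn System Account:/usr/lib/wnn:/bin/sh'
```
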

--- Solution ---

SGI has provided a series of patches for these vulnerabilities. Our recommendation is to upgrade to IRIX 6.5.16 when available, or install the appropriate patch from the list below. Note that there are patches for Maintenance and Feature streams, for three different languages. See the notes after the listing for assistance in this admittedly complex matrix.

   OS Version     Vulnerable?   Patch #   Other Actions
   ----------     -----------   -------   -------------
   IRIX 3.x       unknown                 Note 1
   IRIX 4.x       unknown                 Note 1
   IRIX 5.x       unknown                 Note 1
   IRIX 6.0.x     unknown                 Note 1
   IRIX 6.1       unknown                 Note 1
   IRIX 6.2       unknown                 Note 1
   IRIX 6.3       unknown                 Note 1
   IRIX 6.4       unknown                 Note 1
   IRIX 6.5       yes           4632      Notes 2, 3, & 4
   IRIX 6.5       yes           4633      Notes 2, 3, & 5
   IRIX 6.5       yes           4644      Notes 2, 3, & 6
   IRIX 6.5.1     yes           4632      Notes 2, 3, & 4
   IRIX 6.5.1     yes           4633      Notes 2, 3, & 5
   IRIX 6.5.1     yes           4644      Notes 2, 3, & 6
   IRIX 6.5.2m    yes           4632      Notes 2, 3, & 4
   IRIX 6.5.2m    yes           4633      Notes 2, 3, & 5
   IRIX 6.5.2m    yes           4644      Notes 2, 3, & 6
   IRIX 6.5.2f    yes           4645      Notes 2, 3, & 4
   IRIX 6.5.2f    yes           4646      Notes 2, 3, & 5
   IRIX 6.5.2f    yes           4647      Notes 2, 3, & 6
   IRIX 6.5.3m    yes           4632      Notes 2, 3, & 4
   IRIX 6.5.3m    yes           4633      Notes 2, 3, & 5
   IRIX 6.5.3m    yes           4644      Notes 2, 3, & 6
   IRIX 6.5.3f    yes           4645      Notes 2, 3, & 4
   IRIX 6.5.3f    yes           4646      Notes 2, 3, & 5
   IRIX 6.5.3f    yes           4647      Notes 2, 3, & 6
   IRIX 6.5.4m    yes           4632      Notes 2, 3, & 4
   IRIX 6.5.4m    yes           4633      Notes 2, 3, & 5
   IRIX 6.5.4m    yes           4644      Notes 2, 3, & 6
   IRIX 6.5.4f    yes           4645      Notes 2, 3, & 4
   IRIX 6.5.4f    yes           4646      Notes 2, 3, & 5
   IRIX 6.5.4f    yes           4647      Notes 2, 3, & 6
   IRIX 6.5.5m    yes           4632      Notes 2, 3, & 4
   IRIX 6.5.5m    yes           4633      Notes 2, 3, & 5
   IRIX 6.5.5m    yes           4644      Notes 2, 3, & 6
   IRIX 6.5.5f    yes           4645      Notes 2, 3, & 4
   IRIX 6.5.5f    yes           4646      Notes 2, 3, & 5
   IRIX 6.5.5f    yes           4647      Notes 2, 3, & 6
   IRIX 6.5.6m    yes           4632      Notes 2, 3, & 4
   IRIX 6.5.6m    yes           4633      Notes 2, 3, & 5
   IRIX 6.5.6m    yes           4644      Notes 2, 3, & 6
   IRIX 6.5.6f    yes           4645      Notes 2, 3, & 4
   IRIX 6.5.6f    yes           4646      Notes 2, 3, & 5
   IRIX 6.5.6f    yes           4647      Notes 2, 3, & 6
   IRIX 6.5.7m    yes           4632      Notes 2, 3, & 4
   IRIX 6.5.7m    yes           4633      Notes 2, 3, & 5
   IRIX 6.5.7m    yes           4644      Notes 2, 3, & 6
   IRIX 6.5.7f    yes           4645      Notes 2, 3, & 4
   IRIX 6.5.7f    yes           4646      Notes 2, 3, & 5
   IRIX 6.5.7f    yes           4647      Notes 2, 3, & 6
   IRIX 6.5.8m    yes           4632      Notes 2, 3, & 4
   IRIX 6.5.8m    yes           4633      Notes 2, 3, & 5
   IRIX 6.5.8m    yes           4644      Notes 2, 3, & 6
   IRIX 6.5.8f    yes           4645      Notes 2, 3, & 4
   IRIX 6.5.8f    yes           4646      Notes 2, 3, & 5
   IRIX 6.5.8f    yes           4647      Notes 2, 3, & 6
   IRIX 6.5.9m    yes           4632      Notes 2, 3, & 4
   IRIX 6.5.9m    yes           4633      Notes 2, 3, & 5
   IRIX 6.5.9m    yes           4644      Notes 2, 3, & 6
   IRIX 6.5.9f    yes           4645      Notes 2, 3, & 4
   IRIX 6.5.9f    yes           4646      Notes 2, 3, & 5
   IRIX 6.5.9f    yes           4647      Notes 2, 3, & 6
   IRIX 6.5.10m   yes           4632      Notes 2, 3, & 4
   IRIX 6.5.10m   yes           4633      Notes 2, 3, & 5
   IRIX 6.5.10m   yes           4644      Notes 2, 3, & 6
   IRIX 6.5.10f   yes           4645      Notes 2, 3, & 4
   IRIX 6.5.10f   yes           4646      Notes 2, 3, & 5
   IRIX 6.5.10f   yes           4647      Notes 2, 3, & 6
   IRIX 6.5.11m   yes           4632      Notes 2, 3, & 4
   IRIX 6.5.11m   yes           4633      Notes 2, 3, & 5
   IRIX 6.5.11m   yes           4644      Notes 2, 3, & 6
   IRIX 6.5.11f   yes           4645      Notes 2, 3, & 4
   IRIX 6.5.11f   yes           4646      Notes 2, 3, & 5
   IRIX 6.5.11f   yes           4647      Notes 2, 3, & 6
   IRIX 6.5.12m   yes           4632      Notes 2, 3, & 4
   IRIX 6.5.12m   yes           4633      Notes 2, 3, & 5
   IRIX 6.5.12m   yes           4644      Notes 2, 3, & 6
   IRIX 6.5.12f   yes           4645      Notes 2, 3, & 4
   IRIX 6.5.12f   yes           4646      Notes 2, 3, & 5
   IRIX 6.5.12f   yes           4647      Notes 2, 3, & 6
   IRIX 6.5.13m   yes           4632      Notes 2, 3, & 4
   IRIX 6.5.13m   yes           4633      Notes 2, 3, & 5
   IRIX 6.5.13m   yes           4644      Notes 2, 3, & 6
   IRIX 6.5.13f   yes           4645      Notes 2, 3, & 4
   IRIX 6.5.13f   yes           4646      Notes 2, 3, & 5
   IRIX 6.5.13f   yes           4647      Notes 2, 3, & 6
   IRIX 6.5.14m   yes           4632      Notes 2, 3, & 4
   IRIX 6.5.14m   yes           4633      Notes 2, 3, & 5
   IRIX 6.5.14m   yes           4644      Notes 2, 3, & 6
   IRIX 6.5.14f   yes           4645      Notes 2, 3, & 4
   IRIX 6.5.14f   yes           4646      Notes 2, 3, & 5
   IRIX 6.5.14f   yes           4647      Notes 2, 3, & 6
   IRIX 6.5.15m   yes           4632      Notes 2, 3, & 4
   IRIX 6.5.15m   yes           4633      Notes 2, 3, & 5
   IRIX 6.5.15m   yes           4644      Notes 2, 3, & 6
   IRIX 6.5.15f   yes           4645      Notes 2, 3, & 4
   IRIX 6.5.15f   yes           4646      Notes 2, 3, & 5
   IRIX 6.5.15f   yes           4647      Notes 2, 3, & 6
   IRIX 6.5.16m   no
   IRIX 6.5.16f   no

NOTES

 1) This version of the IRIX operating system has been retired. Upgrade to an
    actively supported IRIX operating system.  See
    http://support.sgi.com/irix/news/index.html#policy for more
    information.

 2) If you have not received an IRIX 6.5.X CD for IRIX 6.5, contact your
    SGI Support Provider or URL: http://support.sgi.com/irix/swupdates/

 3) Upgrade to IRIX 6.5.16m or 6.5.16f.

 4) This patch is for the Chinese version of WorldView

 5) This patch is for the Japanese version of WorldView

 6) This patch is for the Korean version of WorldView

            ##### Patch File Checksums ####

The actual patch will be a tar file containing the following files:


--- Acknowledgments ---

SGI wishes to thank FIRST and the users of the Internet Community at large for their assistance in this matter.


--- Links ---

SGI Security Advisories can be found at: http://www.sgi.com/support/security/ and ftp://patches.sgi.com/support/free/security/advisories/

SGI Security Patches can be found at: http://www.sgi.com/support/security/ and ftp://patches.sgi.com/support/free/security/patches/

SGI patches for IRIX can be found at the following patch servers: http://support.sgi.com/irix/ and ftp://patches.sgi.com/

SGI freeware updates for IRIX can be found at: http://freeware.sgi.com/

SGI fixes for SGI open sourced code can be found on: http://oss.sgi.com/projects/

SGI patches and RPMs for Linux can be found at: http://support.sgi.com/linux/ or http://oss.sgi.com/projects/sgilinux-combined/download/security-fixes/

SGI patches for Windows NT or 2000 can be found at: http://support.sgi.com/nt/

IRIX 5.2-6.4 Recommended/Required Patch Sets can be found at: http://support.sgi.com/irix/ and ftp://patches.sgi.com/support/patchset/

IRIX 6.5 Maintenance Release Streams can be found at: http://support.sgi.com/colls/patches/tools/relstream/index.html

IRIX 6.5 Software Update CDs can be obtained from: http://support.sgi.com/irix/swupdates/

The primary SGI anonymous FTP site for security advisories and patches is patches.sgi.com (216.32.174.211). Security advisories and patches are located under the URL ftp://patches.sgi.com/support/free/security/

For security and patch management reasons, ftp.sgi.com (mirrors patches.sgi.com security FTP repository) lags behind and does not do a real-time update.


--- SGI Security Information/Contacts ---

If there are questions about this document, email can be sent to security-info@sgi.com.

                  ------oOo------

SGI provides security information and patches for use by the entire SGI community. This information is freely available to any person needing the information and is available via anonymous FTP and the Web.

The SGI Security Headquarters Web page is accessible at the URL: http://www.sgi.com/support/security/

For issues with the patches on the FTP sites, email can be sent to security-info@sgi.com.

For assistance obtaining or working with security patches, please contact your SGI support provider.

                  ------oOo------

SGI provides a free security mailing list service called wiretap and encourages interested parties to self-subscribe to receive (via email) all SGI Security Advisories when they are released. Subscribing to the mailing list can be done via the Web (http://www.sgi.com/support/security/wiretap.html) or by sending email to SGI as outlined below.

       % mail wiretap-request@sgi.com
       subscribe wiretap <YourEmailAddress such as aaanalyst@sgi.com >
       end
       ^d

In the example above, <YourEmailAddress> is the email address that you wish the mailing list information sent to. The word end must be on a separate line to indicate the end of the body of the message. The control-d (^d) is used to indicate to the mail program that you are finished composing the mail message.

                  ------oOo------

SGI provides a comprehensive customer World Wide Web site. This site is located at http://www.sgi.com/support/security/ .

                  ------oOo------

If there are general security questions on SGI systems, email can be sent to security-info@sgi.com.

For reporting NEW SGI security issues, email can be sent to security-alert@sgi.com or contact your SGI support provider. A support contract is not required for submitting a security report.


  This information is provided freely to all interested parties
  and may be redistributed provided that it is not altered in any
  way, SGI is appropriately credited and the document retains and
  includes its valid PGP signature.

-----BEGIN PGP SIGNATURE----- Version: 2.6.2

iQCVAwUBPWQUwLQ4cFApAP75AQGg+wQAvJfYAbn6dP6JQkqB6NIrSHjJd86MtgS5 O0reWu40obEk5DBnnsFlSQkc5AFa2vppn0z1s6RTL6nXw0LB+CXaqSxywdKVzd2d JR4odtYvVjC04bJSjSjcZu9bGIiaNhiPFz3DCTIEShdyoQSn5RANroSX4GvyoWc1 qIND5E/nKR8= =pFRh -----END PGP SIGNATURE-----