[<prev] [next>] [day] [month] [year] [list]
Message-ID: <10208211547.ZM391150@einstein.csd.sgi.com>
From: agent99 at sgi.com (SGI Security Coordinator)
Subject: WorldView vulnerability on IRIX
-----BEGIN PGP SIGNED MESSAGE-----
______________________________________________________________________________
SGI Security Advisory
Title: WorldView vulnerability
Number: 20000803-01-P
Date: August 21, 2002
Reference: SGI Security Advisory 20000803-01-A
Reference: CVE CAN-2000-0704
______________________________________________________________________________
- -----------------------
- --- Issue Specifics ---
- -----------------------
This bulletin is a followup to SGI Security Bulletin 20000803-01-A.
There is a root buffer overflow vulnerability in WorldView reported by
Shadow Penguin Security Org. on the FreeWnn Mailing List:
http://www.tomo.gr.jp/users/wnn/0008ml/msg00000.html (in Japanese)
and also reported by Omron Software on
http://www.omronsoft.co.jp/SP/support/pcunix/wnn/update1.html (in Japanese)
Besides the issues discussed in 20000803-01-A, there is an additional
vulnerability that is addressed by this advisory and the fixes noted herein.
WorldView is an optional purchased product used by SGI customers that
require foreign language support in IRIX. It is not installed by default on
base IRIX. Only SGI systems that have WorldView Japanese, Korean, and
Chinese installed are vulnerable to these issues.
The WorldView vulnerability can lead to root access through a buffer
overflow exploit. SGI has investigated the issue and recommends the
following steps for neutralizing the exposure.
The workaround involves changing ownership of the [jks]server to a non-
privileged user (see detail below). It is HIGHLY RECOMMENDED that these
measures be implemented on ALL vulnerable SGI systems.
These issues have been corrected with patches an in future releases of IRIX.
- --------------
- --- Impact ---
- --------------
The WorldView package is not installed by default on IRIX 6.5 systems.
To determine the version of IRIX you are running, execute the following
command:
# uname -R
That will return a result similar to the following:
# 6.5 6.5.16f
The first number ("6.5") is the release name, the second ("6.5.16f" in this
case) is the extended release name. The extended release name is the
"version" we refer to throughout this document.
To see if WorldView is installed, execute the following command:
# versions -b | grep WorldView
I WorldView_base_jp 05/06/1998 WorldView Base Japanese 6.5
I WorldView_books_jp 05/06/1998 WorldView Books: Japanese 6.5
I WorldView_fonts_jp1 05/06/1998 WorldView Fonts Japanese, 6.5
I WorldView_japanese 05/06/1998 WorldView Japanese 6.5
If the output is similar to that shown above, then WorldView is installed
and the system may be vulnerable.
This vulnerability was assigned the following CVE:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0704
- ----------------------------
- --- Temporary Workaround ---
- ----------------------------
SGI understands that there are times when upgrading the operating system or
installing patches are inconvenient or not possible. In those instances, we
recommend the following workaround:
Japanese:
=======
o Step 1: Become the root user on the system.
% /bin/su -
Password:
#
o Step 2: Verify WorldView is installed as shown above. Only systems that have
WorldView installed are vulnerable.
o Step 3: If the WorldView is not currently needed, disable the jserver.
# chkconfig jserver off
Note: This will disable Japanese character input support.
o Step 3: Add the following lines to the files /etc/password and /etc/group
with a text editor like vi.
/etc/passwd:
wnn:*:127:127:Wnn System Account:/usr/lib/wnn6:/bin/sh
/etc/group:
wnn:*:127
o Step 4: Change the owner of the WNN related files.
# chown -R wnn.sys /usr/bin/Wnn6
# chown -R wnn.sys /usr/lib/wnn6
o Step 5: Verify that the file ownership changes have been made.
# ls -ls /usr/bin/Wnn6/jserver
1136 -r-sr-xr-x 1 wnn sys 578660
# ls -ls /usr/lib/wnn6/serverdefs
8 -rw-r--r-- 1 wnn sys 662
o Step 6: Reboot the system.
# reboot
Korean:
=======
o Step 1: Become the root user on the system and
disable kserver
(Example)
% /bin/su
Password:
#
# /etc/init.d/kserver stop
o Step 2: add the following lines to the files
/etc/password and /etc/group with a text editor
like vi.
/etc/password:
wnn:*:127:127:Wnn System Account:/usr/lib/wnn:/bin/sh
/etc/group:
wnn:*:127
o Step 3: Change the owner of Wnn related files.
# chown -R wnn.sys /usr/bin/kWnn4
# chown -R wnn.sys /usr/lib/wnn
o Step 4: Verify that the file ownership changes
have been made.
(Example)
# ls -ls /usr/bin/kWnn4/kserver
1136 -r-sr-xr-x 1 wnn sys 578660 Aug 14 15:24
# ls -ls /usr/lib/wnn/serverdefs
8 -rw-r--r-- 1 wnn sys 662 Aug 14 15:25
o Step 5: Reboot the system or restart kserver.
(Example)
# /etc/init.d/kserver start
# reboot
You may also refer to the file
/usr/bin/kWnn4/add_wnn_account.sh which is created
during installation. Furthermore, for server machines,
especially those not protected by a firewall, that do
not require Korean character input, please execute the
following command and then reboot the system.
# chkconfig kserver off
Chinese:
========
o Step 1: Become the root user on the system and
disable cserver
(Example)
% /bin/su
Password:
#
# /etc/init.d/cserver stop
o Step 2: add the following lines to the files
/etc/password and /etc/group with a text editor
like vi.
/etc/password:
wnn:*:127:127:Wnn System Account:/usr/lib/wnn:/bin/sh
/etc/group:
wnn:*:127
o Step 3: Change the owner of Wnn related files.
# chown -R wnn.sys /usr/bin/cWnn4
# chown -R wnn.sys /usr/lib/wnn
o Step 4: Verify that the file ownership changes
have been made.
(Example)
# ls -ls /usr/bin/cWnn4/cserver
1136 -r-sr-xr-x 1 wnn sys 578660 Aug 14 15:24
# ls -ls /usr/lib/wnn/serverdefs
8 -rw-r--r-- 1 wnn sys 662 Aug 14 15:25
o Step 5: Reboot the system or restart kserver.
(Example)
# /etc/init.d/cserver start
# reboot
You may also refer to the file
/usr/bin/cWnn4/add_wnn_account.sh which is created
during installation. Furthermore, for server machines,
especially those not protected by a firewall, that do
not require Chinese character input, please execute
the following command and then reboot the system.
# chkconfig cserver off
- ----------------
- --- Solution ---
- ----------------
SGI has provided a series of patches for these vulnerabilities. Our
recommendation is to upgrade to IRIX 6.5.16 when available, or install the
appropriate patch from the list below. Note that there are patches for
Maintenance and Feature streams, for three different languages. See the
notes after the listing for assistance in this admittedly complex matrix.
OS Version Vulnerable? Patch # Other Actions
---------- ----------- ------- -------------
IRIX 3.x unknown Note 1
IRIX 4.x unknown Note 1
IRIX 5.x unknown Note 1
IRIX 6.0.x unknown Note 1
IRIX 6.1 unknown Note 1
IRIX 6.2 unknown Note 1
IRIX 6.3 unknown Note 1
IRIX 6.4 unknown Note 1
IRIX 6.5 yes 4632 Notes 2, 3, & 4
IRIX 6.5 yes 4633 Notes 2, 3, & 5
IRIX 6.5 yes 4644 Notes 2, 3, & 6
IRIX 6.5.1 yes 4632 Notes 2, 3, & 4
IRIX 6.5.1 yes 4633 Notes 2, 3, & 5
IRIX 6.5.1 yes 4644 Notes 2, 3, & 6
IRIX 6.5.2m yes 4632 Notes 2, 3, & 4
IRIX 6.5.2m yes 4633 Notes 2, 3, & 5
IRIX 6.5.2m yes 4644 Notes 2, 3, & 6
IRIX 6.5.2f yes 4645 Notes 2, 3, & 4
IRIX 6.5.2f yes 4646 Notes 2, 3, & 5
IRIX 6.5.2f yes 4647 Notes 2, 3, & 6
IRIX 6.5.3m yes 4632 Notes 2, 3, & 4
IRIX 6.5.3m yes 4633 Notes 2, 3, & 5
IRIX 6.5.3m yes 4644 Notes 2, 3, & 6
IRIX 6.5.3f yes 4645 Notes 2, 3, & 4
IRIX 6.5.3f yes 4646 Notes 2, 3, & 5
IRIX 6.5.3f yes 4647 Notes 2, 3, & 6
IRIX 6.5.4m yes 4632 Notes 2, 3, & 4
IRIX 6.5.4m yes 4633 Notes 2, 3, & 5
IRIX 6.5.4m yes 4644 Notes 2, 3, & 6
IRIX 6.5.4f yes 4645 Notes 2, 3, & 4
IRIX 6.5.4f yes 4646 Notes 2, 3, & 5
IRIX 6.5.4f yes 4647 Notes 2, 3, & 6
IRIX 6.5.5m yes 4632 Notes 2, 3, & 4
IRIX 6.5.5m yes 4633 Notes 2, 3, & 5
IRIX 6.5.5m yes 4644 Notes 2, 3, & 6
IRIX 6.5.5f yes 4645 Notes 2, 3, & 4
IRIX 6.5.5f yes 4646 Notes 2, 3, & 5
IRIX 6.5.5f yes 4647 Notes 2, 3, & 6
IRIX 6.5.6m yes 4632 Notes 2, 3, & 4
IRIX 6.5.6m yes 4633 Notes 2, 3, & 5
IRIX 6.5.6m yes 4644 Notes 2, 3, & 6
IRIX 6.5.6f yes 4645 Notes 2, 3, & 4
IRIX 6.5.6f yes 4646 Notes 2, 3, & 5
IRIX 6.5.6f yes 4647 Notes 2, 3, & 6
IRIX 6.5.7m yes 4632 Notes 2, 3, & 4
IRIX 6.5.7m yes 4633 Notes 2, 3, & 5
IRIX 6.5.7m yes 4644 Notes 2, 3, & 6
IRIX 6.5.7f yes 4645 Notes 2, 3, & 4
IRIX 6.5.7f yes 4646 Notes 2, 3, & 5
IRIX 6.5.7f yes 4647 Notes 2, 3, & 6
IRIX 6.5.8m yes 4632 Notes 2, 3, & 4
IRIX 6.5.8m yes 4633 Notes 2, 3, & 5
IRIX 6.5.8m yes 4644 Notes 2, 3, & 6
IRIX 6.5.8f yes 4645 Notes 2, 3, & 4
IRIX 6.5.8f yes 4646 Notes 2, 3, & 5
IRIX 6.5.8f yes 4647 Notes 2, 3, & 6
IRIX 6.5.9m yes 4632 Notes 2, 3, & 4
IRIX 6.5.9m yes 4633 Notes 2, 3, & 5
IRIX 6.5.9m yes 4644 Notes 2, 3, & 6
IRIX 6.5.9f yes 4645 Notes 2, 3, & 4
IRIX 6.5.9f yes 4646 Notes 2, 3, & 5
IRIX 6.5.9f yes 4647 Notes 2, 3, & 6
IRIX 6.5.10m yes 4632 Notes 2, 3, & 4
IRIX 6.5.10m yes 4633 Notes 2, 3, & 5
IRIX 6.5.10m yes 4644 Notes 2, 3, & 6
IRIX 6.5.10f yes 4645 Notes 2, 3, & 4
IRIX 6.5.10f yes 4646 Notes 2, 3, & 5
IRIX 6.5.10f yes 4647 Notes 2, 3, & 6
IRIX 6.5.11m yes 4632 Notes 2, 3, & 4
IRIX 6.5.11m yes 4633 Notes 2, 3, & 5
IRIX 6.5.11m yes 4644 Notes 2, 3, & 6
IRIX 6.5.11f yes 4645 Notes 2, 3, & 4
IRIX 6.5.11f yes 4646 Notes 2, 3, & 5
IRIX 6.5.11f yes 4647 Notes 2, 3, & 6
IRIX 6.5.12m yes 4632 Notes 2, 3, & 4
IRIX 6.5.12m yes 4633 Notes 2, 3, & 5
IRIX 6.5.12m yes 4644 Notes 2, 3, & 6
IRIX 6.5.12f yes 4645 Notes 2, 3, & 4
IRIX 6.5.12f yes 4646 Notes 2, 3, & 5
IRIX 6.5.12f yes 4647 Notes 2, 3, & 6
IRIX 6.5.13m yes 4632 Notes 2, 3, & 4
IRIX 6.5.13m yes 4633 Notes 2, 3, & 5
IRIX 6.5.13m yes 4644 Notes 2, 3, & 6
IRIX 6.5.13f yes 4645 Notes 2, 3, & 4
IRIX 6.5.13f yes 4646 Notes 2, 3, & 5
IRIX 6.5.13f yes 4647 Notes 2, 3, & 6
IRIX 6.5.14m yes 4632 Notes 2, 3, & 4
IRIX 6.5.14m yes 4633 Notes 2, 3, & 5
IRIX 6.5.14m yes 4644 Notes 2, 3, & 6
IRIX 6.5.14f yes 4645 Notes 2, 3, & 4
IRIX 6.5.14f yes 4646 Notes 2, 3, & 5
IRIX 6.5.14f yes 4647 Notes 2, 3, & 6
IRIX 6.5.15m yes 4632 Notes 2, 3, & 4
IRIX 6.5.15m yes 4633 Notes 2, 3, & 5
IRIX 6.5.15m yes 4644 Notes 2, 3, & 6
IRIX 6.5.15f yes 4645 Notes 2, 3, & 4
IRIX 6.5.15f yes 4646 Notes 2, 3, & 5
IRIX 6.5.15f yes 4647 Notes 2, 3, & 6
IRIX 6.5.16m no
IRIX 6.5.16f no
NOTES
1) This version of the IRIX operating has been retired. Upgrade to an
actively supported IRIX operating system. See
http://support.sgi.com/irix/news/index.html#policy for more
information.
2) If you have not received an IRIX 6.5.X CD for IRIX 6.5, contact your
SGI Support Provider or URL: http://support.sgi.com/irix/swupdates/
3) Upgrade to IRIX 6.5.16m or 6.5.16f.
4) This patch is for the Chinese version of WorldView
5) This patch is for the Japanese version of WorldView
6) This patch is for the Korean version of WorldView
##### Patch File Checksums ####
The actual patch will be a tar file containing the following files:
Filename: README.patch.4632
Algorithm #1 (sum -r): 26909 9 README.patch.4632
Algorithm #2 (sum): 65166 9 README.patch.4632
MD5 checksum: 2FD2DA8D620CD6D1AACF3AEBA849A8CC
Filename: patchSG0004632
Algorithm #1 (sum -r): 55463 11 patchSG0004632
Algorithm #2 (sum): 45916 11 patchSG0004632
MD5 checksum: BE1192C3956DA4AFAAAEB20E80B4B871
Filename: patchSG0004632.WorldView_base_zh_man
Algorithm #1 (sum -r): 04888 60 patchSG0004632.WorldView_base_zh_man
Algorithm #2 (sum): 11741 60 patchSG0004632.WorldView_base_zh_man
MD5 checksum: 3E9A9291C665ABCB05C226E474025772
Filename: patchSG0004632.WorldView_base_zh_sw
Algorithm #1 (sum -r): 10189 8796 patchSG0004632.WorldView_base_zh_sw
Algorithm #2 (sum): 60949 8796 patchSG0004632.WorldView_base_zh_sw
MD5 checksum: 8F10B772F984918DD538B0E22119DC59
Filename: patchSG0004632.idb
Algorithm #1 (sum -r): 28940 57 patchSG0004632.idb
Algorithm #2 (sum): 53711 57 patchSG0004632.idb
MD5 checksum: 577BEFF5AF3E74CA26F131022087C213
Filename: README.patch.4633
Algorithm #1 (sum -r): 13789 21 README.patch.4633
Algorithm #2 (sum): 36010 21 README.patch.4633
MD5 checksum: AC34AEC5FA49059C97C4827648CEFF74
Filename: patchSG0004633
Algorithm #1 (sum -r): 47911 15 patchSG0004633
Algorithm #2 (sum): 55668 15 patchSG0004633
MD5 checksum: 46189BAFED486CD7EB9C0DE4015CE15A
Filename: patchSG0004633.WorldView_base_jp_m_man
Algorithm #1 (sum -r): 58493 534 patchSG0004633.WorldView_base_jp_m_man
Algorithm #2 (sum): 8259 534 patchSG0004633.WorldView_base_jp_m_man
MD5 checksum: 8D11313946D296D067638C172346EE04
Filename: patchSG0004633.WorldView_base_jp_m_sw
Algorithm #1 (sum -r): 37659 27483 patchSG0004633.WorldView_base_jp_m_sw
Algorithm #2 (sum): 41431 27483 patchSG0004633.WorldView_base_jp_m_sw
MD5 checksum: E1FEE921C457B1AEE21BB8FD1A2ED6A5
Filename: patchSG0004633.WorldView_base_jp_man
Algorithm #1 (sum -r): 58493 534 patchSG0004633.WorldView_base_jp_man
Algorithm #2 (sum): 8259 534 patchSG0004633.WorldView_base_jp_man
MD5 checksum: 8D11313946D296D067638C172346EE04
Filename: patchSG0004633.WorldView_base_jp_sw
Algorithm #1 (sum -r): 37659 27483 patchSG0004633.WorldView_base_jp_sw
Algorithm #2 (sum): 41431 27483 patchSG0004633.WorldView_base_jp_sw
MD5 checksum: E1FEE921C457B1AEE21BB8FD1A2ED6A5
Filename: patchSG0004633.idb
Algorithm #1 (sum -r): 14135 314 patchSG0004633.idb
Algorithm #2 (sum): 32019 314 patchSG0004633.idb
MD5 checksum: 0D88FA74BDD7A36B74429DFDBB1E6F6C
Filename: README.patch.4644
Algorithm #1 (sum -r): 26307 9 README.patch.4644
Algorithm #2 (sum): 63058 9 README.patch.4644
MD5 checksum: 20269396EEB1C9CAE21F0390C49E54FA
Filename: patchSG0004644
Algorithm #1 (sum -r): 40978 3 patchSG0004644
Algorithm #2 (sum): 45657 3 patchSG0004644
MD5 checksum: 4D6A402C38B0580E20E537F106B4BB89
Filename: patchSG0004644.WorldView_base_kr_sw
Algorithm #1 (sum -r): 05837 4367 patchSG0004644.WorldView_base_kr_sw
Algorithm #2 (sum): 46247 4367 patchSG0004644.WorldView_base_kr_sw
MD5 checksum: 4BCA7CED7D3B0C6F0689CC16D63663A3
Filename: patchSG0004644.idb
Algorithm #1 (sum -r): 11364 21 patchSG0004644.idb
Algorithm #2 (sum): 37357 21 patchSG0004644.idb
MD5 checksum: 2D1A6C5EE30221791B5F540D632D1DBB
Filename: README.patch.4645
Algorithm #1 (sum -r): 56495 8 README.patch.4645
Algorithm #2 (sum): 47628 8 README.patch.4645
MD5 checksum: 8E5184C19213475E394A5E5425E002E0
Filename: patchSG0004645
Algorithm #1 (sum -r): 31356 12 patchSG0004645
Algorithm #2 (sum): 42696 12 patchSG0004645
MD5 checksum: 669CFA38E12964A224359E9B047CDA01
Filename: patchSG0004645.WorldView_base_zh_man
Algorithm #1 (sum -r): 11175 83 patchSG0004645.WorldView_base_zh_man
Algorithm #2 (sum): 64903 83 patchSG0004645.WorldView_base_zh_man
MD5 checksum: B2A768642225A7521106BC896F1C3E9C
Filename: patchSG0004645.WorldView_base_zh_sw
Algorithm #1 (sum -r): 04097 23742 patchSG0004645.WorldView_base_zh_sw
Algorithm #2 (sum): 29922 23742 patchSG0004645.WorldView_base_zh_sw
MD5 checksum: D7169017E289DF3ED647D462F886476B
Filename: patchSG0004645.idb
Algorithm #1 (sum -r): 22837 68 patchSG0004645.idb
Algorithm #2 (sum): 51368 68 patchSG0004645.idb
MD5 checksum: 9D361EACF451EF4FA87B10C47E24DDFF
Filename: README.patch.4646
Algorithm #1 (sum -r): 02166 21 README.patch.4646
Algorithm #2 (sum): 55271 21 README.patch.4646
MD5 checksum: AD7A9320DF3B27AE959120F1BD38C6D3
Filename: patchSG0004646
Algorithm #1 (sum -r): 31477 22 patchSG0004646
Algorithm #2 (sum): 57038 22 patchSG0004646
MD5 checksum: C8840105CC22BC09566AF59DDAB0CEF0
Filename: patchSG0004646.WorldView_base_jp_f_man
Algorithm #1 (sum -r): 12074 787 patchSG0004646.WorldView_base_jp_f_man
Algorithm #2 (sum): 9863 787 patchSG0004646.WorldView_base_jp_f_man
MD5 checksum: 137A3ED0288811FDC8E00FF81976EA9D
Filename: patchSG0004646.WorldView_base_jp_f_sw
Algorithm #1 (sum -r): 57843 27481 patchSG0004646.WorldView_base_jp_f_sw
Algorithm #2 (sum): 5392 27481 patchSG0004646.WorldView_base_jp_f_sw
MD5 checksum: 98E94A69F0702DE3FCAD91C72E71555E
Filename: patchSG0004646.WorldView_base_jp_man
Algorithm #1 (sum -r): 12074 787 patchSG0004646.WorldView_base_jp_man
Algorithm #2 (sum): 9863 787 patchSG0004646.WorldView_base_jp_man
MD5 checksum: 137A3ED0288811FDC8E00FF81976EA9D
Filename: patchSG0004646.WorldView_base_jp_sw
Algorithm #1 (sum -r): 57843 27481 patchSG0004646.WorldView_base_jp_sw
Algorithm #2 (sum): 5392 27481 patchSG0004646.WorldView_base_jp_sw
MD5 checksum: 98E94A69F0702DE3FCAD91C72E71555E
Filename: patchSG0004646.idb
Algorithm #1 (sum -r): 49677 344 patchSG0004646.idb
Algorithm #2 (sum): 64578 344 patchSG0004646.idb
MD5 checksum: 89B3B76E5B3E671D05F98CB625A212D0
Filename: README.patch.4647
Algorithm #1 (sum -r): 33928 9 README.patch.4647
Algorithm #2 (sum): 60695 9 README.patch.4647
MD5 checksum: 3050E993AF207C20D9CE07F1262315DC
Filename: patchSG0004647
Algorithm #1 (sum -r): 26329 3 patchSG0004647
Algorithm #2 (sum): 29776 3 patchSG0004647
MD5 checksum: 8D75C0A403FAE2008EB5830F3417E47D
Filename: patchSG0004647.WorldView_base_kr_sw
Algorithm #1 (sum -r): 43891 4367 patchSG0004647.WorldView_base_kr_sw
Algorithm #2 (sum): 38705 4367 patchSG0004647.WorldView_base_kr_sw
MD5 checksum: 556AE9A433FC7A305AF5C3C6A05151AA
Filename: patchSG0004647.idb
Algorithm #1 (sum -r): 13883 21 patchSG0004647.idb
Algorithm #2 (sum): 37267 21 patchSG0004647.idb
MD5 checksum: 1E01C64639DE74F3C445C365336A2A1C
- ------------------------
- --- Acknowledgments ----
- ------------------------
SGI wishes to thank FIRST and the users of the Internet Community at large
for their assistance in this matter.
- -------------
- --- Links ---
- -------------
SGI Security Advisories can be found at:
http://www.sgi.com/support/security/ and
ftp://patches.sgi.com/support/free/security/advisories/
SGI Security Patches can be found at:
http://www.sgi.com/support/security/ and
ftp://patches.sgi.com/support/free/security/patches/
SGI patches for IRIX can be found at the following patch servers:
http://support.sgi.com/irix/ and ftp://patches.sgi.com/
SGI freeware updates for IRIX can be found at:
http://freeware.sgi.com/
SGI fixes for SGI open sourced code can be found on:
http://oss.sgi.com/projects/
SGI patches and RPMs for Linux can be found at:
http://support.sgi.com/linux/ or
http://oss.sgi.com/projects/sgilinux-combined/download/security-fixes/
SGI patches for Windows NT or 2000 can be found at:
http://support.sgi.com/nt/
IRIX 5.2-6.4 Recommended/Required Patch Sets can be found at:
http://support.sgi.com/irix/ and ftp://patches.sgi.com/support/patchset/
IRIX 6.5 Maintenance Release Streams can be found at:
http://support.sgi.com/colls/patches/tools/relstream/index.html
IRIX 6.5 Software Update CDs can be obtained from:
http://support.sgi.com/irix/swupdates/
The primary SGI anonymous FTP site for security advisories and patches is
patches.sgi.com (216.32.174.211). Security advisories and patches are
located under the URL ftp://patches.sgi.com/support/free/security/
For security and patch management reasons, ftp.sgi.com (mirrors
patches.sgi.com security FTP repository) lags behind and does not do a
real-time update.
- -----------------------------------------
- --- SGI Security Information/Contacts ---
- -----------------------------------------
If there are questions about this document, email can be sent to
security-info@....com.
------oOo------
SGI provides security information and patches for use by the entire SGI
community. This information is freely available to any person needing the
information and is available via anonymous FTP and the Web.
The primary SGI anonymous FTP site for security advisories and patches is
patches.sgi.com (216.32.174.211). Security advisories and patches are
located under the URL ftp://patches.sgi.com/support/free/security/
The SGI Security Headquarters Web page is accessible at the URL:
http://www.sgi.com/support/security/
For issues with the patches on the FTP sites, email can be sent to
security-info@....com.
For assistance obtaining or working with security patches, please
contact your SGI support provider.
------oOo------
SGI provides a free security mailing list service called wiretap and
encourages interested parties to self-subscribe to receive (via email) all
SGI Security Advisories when they are released. Subscribing to the mailing
list can be done via the Web
(http://www.sgi.com/support/security/wiretap.html) or by sending email to
SGI as outlined below.
% mail wiretap-request@....com
subscribe wiretap <YourEmailAddress such as aaanalyst@....com >
end
^d
In the example above, <YourEmailAddress> is the email address that you wish
the mailing list information sent to. The word end must be on a separate
line to indicate the end of the body of the message. The control-d (^d) is
used to indicate to the mail program that you are finished composing the
mail message.
------oOo------
SGI provides a comprehensive customer World Wide Web site. This site is
located at http://www.sgi.com/support/security/ .
------oOo------
If there are general security questions on SGI systems, email can be sent to
security-info@....com.
For reporting *NEW* SGI security issues, email can be sent to
security-alert@....com or contact your SGI support provider. A support
contract is not required for submitting a security report.
______________________________________________________________________________
This information is provided freely to all interested parties
and may be redistributed provided that it is not altered in any
way, SGI is appropriately credited and the document retains and
includes its valid PGP signature.
-----BEGIN PGP SIGNATURE-----
Version: 2.6.2
iQCVAwUBPWQUwLQ4cFApAP75AQGg+wQAvJfYAbn6dP6JQkqB6NIrSHjJd86MtgS5
O0reWu40obEk5DBnnsFlSQkc5AFa2vppn0z1s6RTL6nXw0LB+CXaqSxywdKVzd2d
JR4odtYvVjC04bJSjSjcZu9bGIiaNhiPFz3DCTIEShdyoQSn5RANroSX4GvyoWc1
qIND5E/nKR8=
=pFRh
-----END PGP SIGNATURE-----
Powered by blists - more mailing lists