I am cc'ing this update to several mailing lists the advisory has been forwarded to since last week. Steve Kotsopoulos <steve@ecf.toronto.edu> wrote: >I'm not sure what the vulnerability is, since the sgihelp.books.ViewerHelp >system doesn't seem to contain anything but data files with normal >permissions (no setuid programs). > >How can the removal of this subsystem affect security? >Was there a typo in the advisory, perhaps? > >If anyone knows, please pass on the information. Since last Friday, I have found out the following from people at SGI: : There's no typo. It's correct. I suggest that you do it rather rapidly. So everyone running IRIX 5.2 is advised to run: # versions remove sgihelp.books.ViewerHelp When I asked for an explanation of the problem, or even a hint: : If we told you what the problem was, then you might go break into other : machines. That wouldn't look good for SGI. In fact, 99% of the people : wouldn't use the info to break into other machines. We just have to : watch out for that 1%. After I asked how I could detect if it has been exploited on my system: : There is no way to know if someone has exploited the bug. It's such : a quiet little hole that it doesn't leave a mark anywhere. You don't : even have to logon to exploit it. That's how bad it is. I have also been told by another SGI customer that SGI's Technical Assistance Center hasn't been told what the problem is. Corrections and updates to the above information is encouraged. Steve