IRIX 5.2 Security Advisory

• Messages sorted by: [ date ][ thread ][ subject ][ author ]
• Next message: Dave Sill: "Re: IRIX 5.2 Security Advisory"
• Previous message: Jason Prondak: "Re: PINGWARE"
• Next in thread: Dave Sill: "Re: IRIX 5.2 Security Advisory"

I am cc'ing this update to several mailing lists the advisory has been
forwarded to since last week.

Steve Kotsopoulos <steve@ecf.toronto.edu> wrote:
>I'm not sure what the vulnerability is, since the sgihelp.books.ViewerHelp
>system doesn't seem to contain anything but data files with normal
>permissions (no setuid programs).
>
>How can the removal of this subsystem affect security?
>Was there a typo in the advisory, perhaps?
>
>If anyone knows, please pass on the information.

Since last Friday, I have found out the following from people at SGI:

: There's no typo. It's correct. I suggest that you do it rather rapidly.

So everyone running IRIX 5.2 is advised to run:

	# versions remove sgihelp.books.ViewerHelp

When I asked for an explanation of the problem, or even a hint:

: If we told you what the problem was, then you might go break into other
: machines. That wouldn't look good for SGI. In fact, 99% of the people
: wouldn't use the info to break into other machines. We just have to
: watch out for that 1%.

After I asked how I could detect if it has been exploited on my system:

: There is no way to know if someone has exploited the bug. It's such
: a quiet little hole that it doesn't leave a mark anywhere. You don't
: even have to logon to exploit it. That's how bad it is.

I have also been told by another SGI customer that SGI's Technical
Assistance Center hasn't been told what the problem is.

Corrections and updates to the above information is encouraged.

	Steve

• Next message: Dave Sill: "Re: IRIX 5.2 Security Advisory"
• Previous message: Jason Prondak: "Re: PINGWARE"
• Next in thread: Dave Sill: "Re: IRIX 5.2 Security Advisory"