From agent99@boytoy.csd.sgi.com Tue May 21 23:03:02 1996 Date: Tue, 21 May 1996 17:40:26 -0700 From: SGI Security Coordinator Reply-To: Bugtraq List To: Multiple recipients of list BUGTRAQ Subject: SGI Security Advisory 19960501-01-PX -----BEGIN PGP SIGNED MESSAGE----- ______________________________________________________________________________ Silicon Graphics Inc. Security Advisory Title: IRIX 5.3, 6.1, 6.2 Desktop Permissions Panel Number: 19960501-01-PX Date: May 21, 1996 ______________________________________________________________________________ Silicon Graphics provides this information freely to the SGI user community for its consideration, interpretation, implementation and use. Silicon Graphics recommends that this information be acted upon as soon as possible. Silicon Graphics will not be liable for any indirect, special, or consequential damages arising from the use of, failure to use or improper use of any of the instructions or information in this Security Advisory. ______________________________________________________________________________ - -------------- - --- Impact --- - -------------- A vulnerability has been discovered in the IRIX 5.3, 6.1, and 6.2 operating systems regarding the permissions tool under the IRIX desktop environment. Normally, this tool is used by users to modify the permissions on their files and files they are privileged for. Under certain conditions, a user may be able to modify the permissions for restricted files. This is SGI Bug #375613. In order to exploit this vulnerability, it is necessary to have access to a local account that can start the graphical permissions tool. Refer to SGI Security Advisory 19951002 and/or system documentation regarding password issues. SGI Engineering has investigated this issue and recommends the following steps for neutralizing the exposure. It is HIGHLY RECOMMENDED that these measures be done on ALL SGI systems running IRIX 5.3, 6.1, and 6.2. This issue will be corrected in future releases of IRIX. - ---------------- - --- Solution --- - ---------------- **** IRIX 5.2, 6.0, 6.0.1 **** IRIX operating system versions 5.2, 6.0, and 6.0.1 are not vulnerable. No further action is required. **** IRIX 5.3 **** For the IRIX operating system version 5.3, an inst-able patch has been generated and made available via anonymous FTP and your service/support provider. The patch is number 1324 and will only install on IRIX 5.3. The SGI anonymous FTP site is sgigate.sgi.com (204.94.209.1) or its mirror, ftp.sgi.com. Patch 1324 can be found in the following directories on the FTP server: ~ftp/Security or ~ftp/Patches/5.3 ##### Checksums #### The actual patch will be a tar file containing the following files: Filename: README.patch.1324 Algorithm #1 (sum -r): 36453 8 README.patch.1324 Algorithm #2 (sum): 40114 8 README.patch.1324 MD5 checksum: 028F5506433A1B9F770F1809D741EF98 Filename: patchSG0001324 Algorithm #1 (sum -r): 10430 1 patchSG0001324 Algorithm #2 (sum): 35624 1 patchSG0001324 MD5 checksum: F7C85F5A0870BA4C08DD62F181C81F2E Filename: patchSG0001324.desktop_eoe_sw Algorithm #1 (sum -r): 40704 106 patchSG0001324.desktop_eoe_sw Algorithm #2 (sum): 32497 106 patchSG0001324.desktop_eoe_sw MD5 checksum: EAF31E523E150A29FCF487B1C2802F50 Filename: patchSG0001324.idb Algorithm #1 (sum -r): 62749 2 patchSG0001324.idb Algorithm #2 (sum): 58166 2 patchSG0001324.idb MD5 checksum: 96E559406CA6ABD75ACAA879776D028E **** IRIX 6.1 **** For the IRIX operating system version 6.1, an inst-able patch has been generated and made available via anonymous FTP and your service/support provider. The patch is number 1325 and will only install on IRIX 6.1. The SGI anonymous FTP site is sgigate.sgi.com (204.94.209.1) or its mirror, ftp.sgi.com. Patch 1325 can be found in the following directories on the FTP server: ~ftp/Security or ~ftp/Patches/6.1 ##### Checksums #### The actual patch will be a tar file containing the following files: Filename: README.patch.1325 Algorithm #1 (sum -r): 64561 8 README.patch.1325 Algorithm #2 (sum): 40513 8 README.patch.1325 MD5 checksum: 846AECCEA5658BAFC843999968EC1F19 Filename: patchSG0001325 Algorithm #1 (sum -r): 49679 1 patchSG0001325 Algorithm #2 (sum): 31737 1 patchSG0001325 MD5 checksum: 277DC0914388DB42CAF4F67166B6AD84 Filename: patchSG0001325.desktop_eoe_sw Algorithm #1 (sum -r): 23688 106 patchSG0001325.desktop_eoe_sw Algorithm #2 (sum): 16622 106 patchSG0001325.desktop_eoe_sw MD5 checksum: F9C6CBB8085916980F6FB0E750ED2739 Filename: patchSG0001325.idb Algorithm #1 (sum -r): 44246 2 patchSG0001325.idb Algorithm #2 (sum): 58029 2 patchSG0001325.idb MD5 checksum: 7B5A50A754D4F2BCF43B2FB36402D2B9 **** IRIX 6.2 **** For the IRIX operating system version 6.2, an inst-able patch has been generated and made available via anonymous FTP and your service/support provider. The patch is number 1326 and will only install on IRIX 6.2. The SGI anonymous FTP site is sgigate.sgi.com (204.94.209.1) or its mirror, ftp.sgi.com. Patch 1326 can be found in the following directories on the FTP server: ~ftp/Security or ~ftp/Patches/6.2 ##### Checksums #### The actual patch will be a tar file containing the following files: Filename: README.patch.1326 Algorithm #1 (sum -r): 26556 8 README.patch.1326 Algorithm #2 (sum): 40503 8 README.patch.1326 MD5 checksum: 100284465A0FC83BCDA9F51276628C2F Filename: patchSG0001326 Algorithm #1 (sum -r): 09453 1 patchSG0001326 Algorithm #2 (sum): 33991 1 patchSG0001326 MD5 checksum: F22B45302095D815129FCDB52204F947 Filename: patchSG0001326.desktop_eoe_sw Algorithm #1 (sum -r): 33276 105 patchSG0001326.desktop_eoe_sw Algorithm #2 (sum): 65086 105 patchSG0001326.desktop_eoe_sw MD5 checksum: 10798EFCDAB679BC26DE18A007666599 Filename: patchSG0001326.idb Algorithm #1 (sum -r): 34209 2 patchSG0001326.idb Algorithm #2 (sum): 57308 2 patchSG0001326.idb MD5 checksum: 3F7CA27CB954C83ACA7E711B1F29139F - ------------------------ - --- Acknowledgments --- - ------------------------ Silicon Graphics wishes to thank Aaron Mantel of NASA for his assistance in this matter. - ----------------------------------------- - --- SGI Security Information/Contacts --- - ----------------------------------------- Past SGI Advisories and security patches can be obtained via anonymous FTP from sgigate.sgi.com or its mirror, ftp.sgi.com. These security patches and advisories are provided freely to all interested parties. For issues with the patches on the FTP sites, email can be sent to cse-security-alert@csd.sgi.com. For assistance obtaining or working with security patches, please contact your SGI support provider. If there are questions about this document, email can be sent to cse-security-alert@csd.sgi.com. Silicon Graphics provides a free security mailing list service. The wiretap service allows interested parties to self-subscribe to receive (via email) all SGI Security Advisories when released. mail external-majordomo@postofc.corp.sgi.com [BODY of "subscribe wiretap YourEmailAddress"] For reporting *NEW* SGI security issues, email can be sent to security-alert@sgi.com or contact your SGI support provider. A support contract is not required for submitting a security report. For those customers with WWW capability, the Silicon Graphics Security Headquarters webpages serve as a focal point for security related information for the Silicon Graphics environment. The URL is: http://www.sgi.com/Support/Secur/security.html -----BEGIN PGP SIGNATURE----- Version: 2.6.2 iQCVAwUBMaJaJLQ4cFApAP75AQFyiAP/Vibhy2dnvrJ9pX+l5tqFptrZne//m7CJ E5sKDWBbo8T1v9ggJzh5euargK7117EOidOsK2hPLt8oOZfb6ZEZS4FWE7P1phEn rr5EsJGzLUmyuJj8AcjA9yYBg59qBXOSm9/APQAkRlTEe6ScgIpnIDVtV8N2tCrZ Xn5Ns1YqmAw= =D2ey -----END PGP SIGNATURE-----