From agent99@sgi.com Wed Apr 9 23:32:03 2003
From: SGI Security Coordinator
To: agent99@sgi.com
Newsgroups: comp.sys.sgi.announce, comp.security.unix, comp.sys.sgi.admin, comp.security.announce
Date: Tue, 8 Apr 2003 14:50:40 -0700
Subject: Multiple Vulnerabilities in libc RPC functions on IRIX

-----BEGIN PGP SIGNED MESSAGE-----

______________________________________________________________________________
                          SGI Security Advisory

    Title    : Multiple Vulnerabilities in libc RPC functions
    Number   : 20030402-01-P
    Date     : April 8, 2003
    Reference: CERT CA-2003-10
    Reference: CERT VU#516825
    Reference: CVE CAN-2003-0028
    Reference: SGI BUGS 879633 880920 880921 880925
    Fixed in : IRIX 6.5.20 (when available) or patches 4986-4993 & 5014-5015
______________________________________________________________________________

- -----------------------
- --- Issue Specifics ---
- -----------------------

It's been reported that there are multiple security vulnerabilities in the
IRIX libc relating to RPC functions:

  o Error in xdrmem_getbytes() may allow a remote user to crash some key
    RPC applications, resulting in a denial of service

  o RPC Requests Involving AUTH_DES Authentication may allow a remote user
    to gain elevated privileges

See the following URLs for additional information:

  http://www.cert.org/advisories/CA-2003-10.html
  http://www.kb.cert.org/vuls/id/516825
  http://sunsolve.sun.com/pub-cgi/retrieve.pl?doc=fsalert%2F46944
  http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2003-0028

SGI has investigated the issues and recommends the following steps for
neutralizing the exposure.  It is HIGHLY RECOMMENDED that these measures be
implemented on ALL vulnerable SGI systems.

These issues have been corrected with patches and future releases of IRIX.

- --------------
- --- Impact ---
- --------------

libc is the standard C library and is installed by default on IRIX 6.5
systems as part of eoe.sw.base.

To determine the version of IRIX you are running, execute the following
command:

  # /bin/uname -R

That will return a result similar to the following:

  # 6.5 6.5.19f

The first number ("6.5") is the release name, the second ("6.5.19f" in this
case) is the extended release name.  The extended release name is the
"version" we refer to throughout this document.

- ----------------------------
- --- Temporary Workaround ---
- ----------------------------

If you want to run ONC/RPC services, there is no effective workaround
available for these problems.  SGI recommends either upgrading to IRIX 6.5.20
(when available), or installing the appropriate patch from the listing below.

- ----------------
- --- Solution ---
- ----------------

SGI has provided a series of patches for these vulnerabilities.  Our
recommendation is to upgrade to IRIX 6.5.20 (when available), or install the
appropriate patch.

   OS Version     Vulnerable?     Patch #      Other Actions
   ----------     -----------     -------      -------------
   IRIX 3.x        unknown                     Note 1
   IRIX 4.x        unknown                     Note 1
   IRIX 5.x        unknown                     Note 1
   IRIX 6.0.x      unknown                     Note 1
   IRIX 6.1        unknown                     Note 1
   IRIX 6.2        unknown                     Note 1
   IRIX 6.3        unknown                     Note 1
   IRIX 6.4        unknown                     Note 1
   IRIX 6.5          yes                       Notes 2 & 3
   IRIX 6.5.1        yes                       Notes 2 & 3
   IRIX 6.5.2        yes                       Notes 2 & 3
   IRIX 6.5.3        yes                       Notes 2 & 3
   IRIX 6.5.4        yes                       Notes 2 & 3
   IRIX 6.5.5        yes                       Notes 2 & 3
   IRIX 6.5.6        yes                       Notes 2 & 3
   IRIX 6.5.7        yes                       Notes 2 & 3
   IRIX 6.5.8        yes                       Notes 2 & 3
   IRIX 6.5.9        yes                       Notes 2 & 3
   IRIX 6.5.10       yes                       Notes 2 & 3
   IRIX 6.5.11       yes                       Notes 2 & 3
   IRIX 6.5.12       yes                       Notes 2 & 3
   IRIX 6.5.13       yes                       Notes 2 & 3
   IRIX 6.5.14       yes                       Notes 2 & 3
   IRIX 6.5.15m      yes           4986        Notes 2 & 4
   IRIX 6.5.15f      yes           4987        Notes 2 & 4
   IRIX 6.5.16m      yes           4988        Notes 2 & 4
   IRIX 6.5.16f      yes           4989        Notes 2 & 4
   IRIX 6.5.17m      yes           4990        Notes 2 & 4
   IRIX 6.5.17f      yes           4991        Notes 2 & 4
   IRIX 6.5.18m      yes           5014        Notes 2 & 4
   IRIX 6.5.18f      yes           5015        Notes 2 & 4
   IRIX 6.5.19m      yes           4992        Notes 2 & 4
   IRIX 6.5.19f      yes           4993        Notes 2 & 4
   IRIX 6.5.20       no

   NOTES

     1) This version of the IRIX operating system has been
        retired. Upgrade to an actively supported IRIX operating system.
        See http://support.sgi.com/ for more information.

     2) If you have not received an IRIX 6.5.X CD for IRIX 6.5, contact your
        SGI Support Provider or URL: http://support.sgi.com/

     3) Upgrade to IRIX 6.5.20 (when available)

     4) Install the patch.

                ##### Patch File Checksums ####

The actual patch will be a tar file containing the following files:

- ------------------------
- --- Acknowledgments ----
- ------------------------

SGI wishes to thank CERT, Sun Microsystems and the users of the Internet
Community at large for their assistance in this matter.
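
The version check and the Solution table above, written as a shell function that turns `uname -R` output into the action the advisory lists. This is an added example, not part of the SGI advisory; the function name `irix_rpc_advice`, the handling of a one-field `uname -R` result, and treating releases after 6.5.20 as fixed are assumptions.

```shell
#!/bin/sh
# Added example, not SGI code: classify `uname -R` output against the
# Solution table of advisory 20030402-01-P.

irix_rpc_advice() {
    # $1: text printed by /bin/uname -R, e.g. "6.5 6.5.19f"
    release=${1%% *}    # release name (first field)
    ext=${1##* }        # extended release name (last field); assumption:
                        # same as the release name when only one field is given

    case $release in
        6.5) ;;
        3.*|4.*|5.*|6.0|6.0.*|6.[1-4]|6.[1-4].*)
            echo "vulnerability unknown, release retired: upgrade to a supported IRIX (Note 1)"
            return 0 ;;
        *)  echo "unrecognized release name: $release"
            return 2 ;;
    esac

    case $ext in
        6.5|6.5.*) ;;
        *)  echo "unrecognized extended release name: $ext"
            return 2 ;;
    esac

    rest=${ext#6.5}
    rest=${rest#.}             # "19f"; empty for the base 6.5 release
    maint=${rest%[mf]}         # maintenance number: "19"
    stream=${rest#"$maint"}    # release stream suffix: "m", "f" or empty
    [ -n "$maint" ] || maint=0
    case $maint in
        *[!0-9]*)
            echo "unrecognized extended release name: $ext"
            return 2 ;;
    esac

    if [ "$maint" -ge 20 ]; then
        # The table lists 6.5.20 as not vulnerable; applying that to later
        # releases is an assumption ("corrected with ... future releases").
        echo "not vulnerable: fixed in IRIX 6.5.20"
        return 0
    fi
    if [ "$maint" -le 14 ]; then
        echo "vulnerable, no patch listed: upgrade to IRIX 6.5.20 (Notes 2 & 3)"
        return 0
    fi

    # 6.5.15 through 6.5.19: one patch per release and m/f stream.
    case $maint$stream in
        15m) patch=4986 ;;  15f) patch=4987 ;;
        16m) patch=4988 ;;  16f) patch=4989 ;;
        17m) patch=4990 ;;  17f) patch=4991 ;;
        18m) patch=5014 ;;  18f) patch=5015 ;;
        19m) patch=4992 ;;  19f) patch=4993 ;;
        *)  echo "unrecognized release stream in: $ext"
            return 2 ;;
    esac
    echo "vulnerable: install patch $patch (Notes 2 & 4)"
}

# Constructed sample inputs; on an IRIX host pass "$(/bin/uname -R)" instead.
for sample in "6.5 6.5.19f" "6.5 6.5.18m" "6.5 6.5.9m" "6.5 6.5.20f" "6.2"; do
    printf '%-12s -> %s\n' "$sample" "$(irix_rpc_advice "$sample")"
done
```

The function returns 2 for input it cannot place in the table, so a fleet inventory script can flag those hosts for manual review instead of assuming they are patched.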

- -------------
- --- Links ---
- -------------

SGI Security Advisories can be found at:
http://www.sgi.com/support/security/ and
ftp://patches.sgi.com/support/free/security/advisories/

SGI Security Patches can be found at:
http://www.sgi.com/support/security/ and
ftp://patches.sgi.com/support/free/security/patches/

SGI patches for IRIX can be found at the following patch servers:
http://support.sgi.com/ and ftp://patches.sgi.com/

SGI freeware updates for IRIX can be found at:
http://freeware.sgi.com/

SGI fixes for SGI open sourced code can be found on:
http://oss.sgi.com/projects/

SGI patches and RPMs for Linux can be found at:
http://support.sgi.com/ or http://oss.sgi.com/projects/

SGI patches for Windows NT or 2000 can be found at:
http://support.sgi.com/

IRIX 5.2-6.4 Recommended/Required Patch Sets can be found at:
http://support.sgi.com/ and ftp://patches.sgi.com/support/patchset/

IRIX 6.5 Maintenance Release Streams can be found at:
http://support.sgi.com/

IRIX 6.5 Software Update CDs can be obtained from:
http://support.sgi.com/

The primary SGI anonymous FTP site for security advisories and patches is
patches.sgi.com (216.32.174.211).  Security advisories and patches are
located under the URL ftp://patches.sgi.com/support/free/security/

For security and patch management reasons, ftp.sgi.com (mirrors
patches.sgi.com security FTP repository) lags behind and does not do a
real-time update.

- -----------------------------------------
- --- SGI Security Information/Contacts ---
- -----------------------------------------

If there are questions about this document, email can be sent to
security-info@sgi.com.

                      ------oOo------

SGI provides security information and patches for use by the entire SGI
community.  This information is freely available to any person needing the
information and is available via anonymous FTP and the Web.

The primary SGI anonymous FTP site for security advisories and patches is
patches.sgi.com (216.32.174.211).  Security advisories and patches are
located under the URL ftp://patches.sgi.com/support/free/security/

The SGI Security Headquarters Web page is accessible at the URL:
http://www.sgi.com/support/security/

For issues with the patches on the FTP sites, email can be sent to
security-info@sgi.com.

For assistance obtaining or working with security patches, please contact
your SGI support provider.

                      ------oOo------

SGI provides a free security mailing list service called wiretap and
encourages interested parties to self-subscribe to receive (via email) all
SGI Security Advisories when they are released.  Subscribing to the mailing
list can be done via the Web
(http://www.sgi.com/support/security/wiretap.html) or by sending email to
SGI as outlined below.

% mail wiretap-request@sgi.com
subscribe wiretap
end
^d

In the example above, is the email address that you wish the mailing list
information sent to.  The word end must be on a separate line to indicate
the end of the body of the message.  The control-d (^d) is used to indicate
to the mail program that you are finished composing the mail message.

                      ------oOo------

SGI provides a comprehensive customer World Wide Web site.  This site is
located at http://www.sgi.com/support/security/ .

                      ------oOo------

If there are general security questions on SGI systems, email can be sent to
security-info@sgi.com.

For reporting *NEW* SGI security issues, email can be sent to
security-alert@sgi.com or contact your SGI support provider.  A support
contract is not required for submitting a security report.

______________________________________________________________________________
      This information is provided freely to all interested parties
      and may be redistributed provided that it is not altered in any
      way, SGI is appropriately credited and the document retains and
      includes its valid PGP signature.