From agent99@sgi.com Wed May 5 18:22:10 2004 From: SGI Security Coordinator To: agent99@sgi.com Cc: bugtraq@securityfocus.com, full-disclosure@lists.netsys.com, vulnwatch@vulnwatch.org Newsgroups: comp.sys.sgi.announce, comp.security.unix, comp.sys.sgi.admin, comp.security.announce Date: Wed, 5 May 2004 12:16:08 -0700 Subject: IRIX Networking Security Updates -----BEGIN PGP SIGNED MESSAGE----- ______________________________________________________________________________ SGI Security Advisory Title: IRIX Networking Security Updates Number: 20050502-01-P Date: May 5, 2004 Reference: SGI BUGS 904229, 902072, 901074, 897764, 897747, 894910, 890567, 871383, 773203 Fixed in: Patches 5454, 5461, 5437, 5466, 5451, 5440, 5415, 5416 and 5510 Fixed in: Driver Patches 5509 (.22) and 5513 (.20/.21) ______________________________________________________________________________ SGI provides this information freely to the SGI user community for its consideration, interpretation, implementation and use. SGI recommends that this information be acted upon as soon as possible. SGI provides the information in this Security Advisory on an "AS-IS" basis only, and disclaims all warranties with respect thereto, express, implied or otherwise, including, without limitation, any warranty of merchantability or fitness for a particular purpose. In no event shall SGI be liable for any loss of profits, loss of business, loss of data or for any indirect, special, exemplary, incidental or consequential damages of any kind arising from your use of, failure to use or improper use of any of the instructions or information in this Security Advisory. _____________________________________________________________________________ - ----------------------- - --- Issue Specifics --- - ----------------------- It has been reported thru various channel that there are several security issues affecting IRIX networking. * various fixes to mitigate the non-network consequences of extreme UDP/interrupt DoS attacks (SGI BUG 773203, 897764) * blocking SYN+FIN and illogical TCP flags combos from achieving 3-way handshake (SGI BUG 871383) http://online.securityfocus.com/archive/1/296558/2002-10-19/2002-10-25/1 * ifconfig "-arp" argument does not disable arp requests being sent or received (SGI BUG 890567) * arp DOS vulnerability (SGI BUG 902072) http://www.auscert.org.au/render.html?it=3489&cid=1 These patches also contain non-security fixes. Note that on IRIX 6.5.20 thru IRIX 6.5.22 two patches are required. Both patches MUST be installed together or system instability could occur. SGI has investigated the issue and recommends the following steps for neutralizing the exposure. It is HIGHLY RECOMMENDED that these measures be implemented on ALL vulnerable SGI systems. This issue has been corrected in future releases of IRIX. - -------------- - --- Impact --- - -------------- To determine the version of IRIX you are running, execute the following command: # /bin/uname -R That will return a result similar to the following: # 6.5 6.5.21f The first number ("6.5") is the release name, the second ("6.5.21f" in this case) is the extended release name. The extended release name is the "version" we refer to throughout this document. - ---------------- - --- Solution --- - ---------------- SGI has provided a series of patches for these vulnerabilities. Our recommendation is to upgrade to IRIX 6.5.23, or install the appropriate patches. OS Version Vulnerable? Patch # Other Actions - ---------- ----------- ------- ------------- IRIX 3.x unknown Note 1 IRIX 4.x unknown Note 1 IRIX 5.x unknown Note 1 IRIX 6.0.x unknown Note 1 IRIX 6.1 unknown Note 1 IRIX 6.2 unknown Note 1 IRIX 6.3 unknown Note 1 IRIX 6.4 unknown Note 1 IRIX 6.5 yes Note 1 IRIX 6.5.1 yes Note 1 IRIX 6.5.2 yes Note 1 IRIX 6.5.3 yes Note 1 IRIX 6.5.4 yes Note 1 IRIX 6.5.5 yes Note 1 IRIX 6.5.6 yes Note 1 IRIX 6.5.7 yes Note 1 IRIX 6.5.8 yes Note 1 IRIX 6.5.9 yes Note 1 IRIX 6.5.10 yes Note 1 IRIX 6.5.11 yes Note 1 IRIX 6.5.12 yes Note 1 IRIX 6.5.13 yes Note 1 IRIX 6.5.14 yes Note 1 IRIX 6.5.15 yes Note 1 IRIX 6.5.16 yes Note 1 IRIX 6.5.17m yes Note 1 IRIX 6.5.17f yes Note 1 IRIX 6.5.18m yes 5454 Notes 2 & 3 IRIX 6.5.18f yes 5461 Notes 2 & 3 IRIX 6.5.19m yes 5437 Notes 2 & 3 IRIX 6.5.19f yes 5466 Notes 2 & 3 IRIX 6.5.20m yes 5510 & 5513 Notes 2 & 3 (Install both patches) IRIX 6.5.20f yes 5440 & 5513 Notes 2 & 3 (Install both patches) IRIX 6.5.21m yes 5415 & 5513 Notes 2 & 3 (Install both patches) IRIX 6.5.21f yes 5416 & 5513 Notes 2 & 3 (Install both patches) IRIX 6.5.22m yes 5469 & 5509 Notes 2 & 3 (Install both patches) NOTES 1) This version of the IRIX operating has been retired or no longer actively supported. Upgrade to an actively supported IRIX operating system. See http://support.sgi.com for more information. 2) If you have not received an IRIX 6.5.X CD for IRIX 6.5, contact your SGI Support Provider or URL: http://support.sgi.com 3) Install the required patch(es) based on your operating release. Note that on IRIX 6.5.20 thru IRIX 6.5.22 two patches are required. Both patches MUST be installed in order to prevent system instability. ##### Patch File Checksums #### The actual patch will be a tar file containing the following files: Filename: README.patch.5415 Algorithm #1 (sum -r): 47284 9 README.patch.5415 Algorithm #2 (sum): 27264 9 README.patch.5415 MD5 checksum: D5D46C91056B7DD35F4112134CEACA35 Filename: patchSG0005415 Algorithm #1 (sum -r): 28908 4 patchSG0005415 Algorithm #2 (sum): 58155 4 patchSG0005415 MD5 checksum: 10ED9CCEAF8A2F50EE1B22B6B0A76846 Filename: patchSG0005415.FDDIXPress_sw Algorithm #1 (sum -r): 33783 1218 patchSG0005415.FDDIXPress_sw Algorithm #2 (sum): 3050 1218 patchSG0005415.FDDIXPress_sw MD5 checksum: 1A759D9AE02A93E416264065B5A497DD Filename: patchSG0005415.eoe_sw Algorithm #1 (sum -r): 14641 16403 patchSG0005415.eoe_sw Algorithm #2 (sum): 55901 16403 patchSG0005415.eoe_sw MD5 checksum: 779D40D1325A016055D272920E780CBF Filename: patchSG0005415.idb Algorithm #1 (sum -r): 23494 34 patchSG0005415.idb Algorithm #2 (sum): 44844 34 patchSG0005415.idb MD5 checksum: EA7F8B6962E7BDEB9C38AD048C346E1E Filename: README.patch.5416 Algorithm #1 (sum -r): 58977 9 README.patch.5416 Algorithm #2 (sum): 29248 9 README.patch.5416 MD5 checksum: 99EA2CBA3A2BA355CD3ECED766ED4C4B Filename: patchSG0005416 Algorithm #1 (sum -r): 20741 4 patchSG0005416 Algorithm #2 (sum): 1355 4 patchSG0005416 MD5 checksum: 708306456E4FA752453282DAE3EBDEF4 Filename: patchSG0005416.FDDIXPress_sw Algorithm #1 (sum -r): 03290 1219 patchSG0005416.FDDIXPress_sw Algorithm #2 (sum): 24824 1219 patchSG0005416.FDDIXPress_sw MD5 checksum: 3EFA63D7ABE80B15EFCA185D87CBF9D9 Filename: patchSG0005416.eoe_sw Algorithm #1 (sum -r): 52293 16481 patchSG0005416.eoe_sw Algorithm #2 (sum): 46042 16481 patchSG0005416.eoe_sw MD5 checksum: 07A38D569FBD2F7D00FD54EA1F15FC14 Filename: patchSG0005416.idb Algorithm #1 (sum -r): 09579 33 patchSG0005416.idb Algorithm #2 (sum): 29569 33 patchSG0005416.idb MD5 checksum: 3F4EB05871F44A876B2033F73523DD24 Filename: README.patch.5437 Algorithm #1 (sum -r): 52080 24 README.patch.5437 Algorithm #2 (sum): 53060 24 README.patch.5437 MD5 checksum: E918B74A4D4D1C6F700EC88D8863CD4A Filename: patchSG0005437 Algorithm #1 (sum -r): 21163 19 patchSG0005437 Algorithm #2 (sum): 54279 19 patchSG0005437 MD5 checksum: 832CF9C53F309BE50E2B9268A27E1EB6 Filename: patchSG0005437.FDDIXPress_sw Algorithm #1 (sum -r): 03740 1138 patchSG0005437.FDDIXPress_sw Algorithm #2 (sum): 45855 1138 patchSG0005437.FDDIXPress_sw MD5 checksum: 40340AC14D7F65D1BD251794D046BA9E Filename: patchSG0005437.eoe_man Algorithm #1 (sum -r): 58730 28 patchSG0005437.eoe_man Algorithm #2 (sum): 53579 28 patchSG0005437.eoe_man MD5 checksum: C45CFA5847A4A277933B66E7BC75270B Filename: patchSG0005437.eoe_sw Algorithm #1 (sum -r): 64543 27889 patchSG0005437.eoe_sw Algorithm #2 (sum): 34011 27889 patchSG0005437.eoe_sw MD5 checksum: 6C6CBA804E02106615328DB118541833 Filename: patchSG0005437.idb Algorithm #1 (sum -r): 45681 61 patchSG0005437.idb Algorithm #2 (sum): 42789 61 patchSG0005437.idb MD5 checksum: A6A80D11E34544E2E045B19E21ECDB16 Filename: README.patch.5440 Algorithm #1 (sum -r): 22500 9 README.patch.5440 Algorithm #2 (sum): 35714 9 README.patch.5440 MD5 checksum: E0A5D89FA413724275A94B1E48CC0ADC Filename: patchSG0005440 Algorithm #1 (sum -r): 13783 6 patchSG0005440 Algorithm #2 (sum): 53102 6 patchSG0005440 MD5 checksum: 4CC7134B5B90217D3EB06694EB99E585 Filename: patchSG0005440.FDDIXPress_sw Algorithm #1 (sum -r): 40263 1139 patchSG0005440.FDDIXPress_sw Algorithm #2 (sum): 16078 1139 patchSG0005440.FDDIXPress_sw MD5 checksum: B112C8B2BE09336795426E9C8F8DDD31 Filename: patchSG0005440.eoe_sw Algorithm #1 (sum -r): 02270 17123 patchSG0005440.eoe_sw Algorithm #2 (sum): 31539 17123 patchSG0005440.eoe_sw MD5 checksum: FF4646C97342D46E0D1506D4600CE9D7 Filename: patchSG0005440.idb Algorithm #1 (sum -r): 10128 37 patchSG0005440.idb Algorithm #2 (sum): 41515 37 patchSG0005440.idb MD5 checksum: 73CB79C3BE81D9EDDB18C29C0E7AB144 Filename: README.patch.5454 Algorithm #1 (sum -r): 02122 11 README.patch.5454 Algorithm #2 (sum): 40784 11 README.patch.5454 MD5 checksum: DA881B4ACAB0C05B0448E648E6ACB252 Filename: patchSG0005454 Algorithm #1 (sum -r): 19312 7 patchSG0005454 Algorithm #2 (sum): 19255 7 patchSG0005454 MD5 checksum: 3ECE411C1A68956ED2C89489FA1C6604 Filename: patchSG0005454.FDDIXPress_sw Algorithm #1 (sum -r): 51190 1125 patchSG0005454.FDDIXPress_sw Algorithm #2 (sum): 43752 1125 patchSG0005454.FDDIXPress_sw MD5 checksum: 22F85FDE098110116750C569537DB7FB Filename: patchSG0005454.eoe_man Algorithm #1 (sum -r): 15635 35 patchSG0005454.eoe_man Algorithm #2 (sum): 37598 35 patchSG0005454.eoe_man MD5 checksum: 81881EB5EB78CC451918D5F2C97E8E21 Filename: patchSG0005454.eoe_sw Algorithm #1 (sum -r): 12960 11623 patchSG0005454.eoe_sw Algorithm #2 (sum): 41713 11623 patchSG0005454.eoe_sw MD5 checksum: 71CD304499F9B58B881CF422881B8E02 Filename: patchSG0005454.idb Algorithm #1 (sum -r): 33342 29 patchSG0005454.idb Algorithm #2 (sum): 63712 29 patchSG0005454.idb MD5 checksum: EB226CDA37C59DA899BEB33D439BC525 Filename: README.patch.5461 Algorithm #1 (sum -r): 44664 11 README.patch.5461 Algorithm #2 (sum): 41100 11 README.patch.5461 MD5 checksum: C162662C9CFDFB8BF20A5A44459852C5 Filename: patchSG0005461 Algorithm #1 (sum -r): 56460 7 patchSG0005461 Algorithm #2 (sum): 24631 7 patchSG0005461 MD5 checksum: 092DEAF6F065C0FD3CBAAE3190D4C80A Filename: patchSG0005461.FDDIXPress_sw Algorithm #1 (sum -r): 57160 1125 patchSG0005461.FDDIXPress_sw Algorithm #2 (sum): 49421 1125 patchSG0005461.FDDIXPress_sw MD5 checksum: 437F21961AD86E075A5160931D883448 Filename: patchSG0005461.eoe_man Algorithm #1 (sum -r): 33021 35 patchSG0005461.eoe_man Algorithm #2 (sum): 36557 35 patchSG0005461.eoe_man MD5 checksum: 025102308750118FA54B8F63450A660A Filename: patchSG0005461.eoe_sw Algorithm #1 (sum -r): 09152 11675 patchSG0005461.eoe_sw Algorithm #2 (sum): 29376 11675 patchSG0005461.eoe_sw MD5 checksum: 79A4ADCD2BE0C8160DA7E40C60645981 Filename: patchSG0005461.idb Algorithm #1 (sum -r): 26372 29 patchSG0005461.idb Algorithm #2 (sum): 63859 29 patchSG0005461.idb MD5 checksum: 8C33E7C894406C01B2BAD654EA271651 Filename: README.patch.5466 Algorithm #1 (sum -r): 34985 9 README.patch.5466 Algorithm #2 (sum): 32825 9 README.patch.5466 MD5 checksum: B09537F37B167AB9C40F41B6632E2ECC Filename: patchSG0005466 Algorithm #1 (sum -r): 09282 4 patchSG0005466 Algorithm #2 (sum): 62186 4 patchSG0005466 MD5 checksum: 7932D50B86660B5428EE6C10E11E5F0D Filename: patchSG0005466.FDDIXPress_sw Algorithm #1 (sum -r): 13190 1140 patchSG0005466.FDDIXPress_sw Algorithm #2 (sum): 38306 1140 patchSG0005466.FDDIXPress_sw MD5 checksum: 80F675A5F37A48CC9F49198F396E10B4 Filename: patchSG0005466.eoe_man Algorithm #1 (sum -r): 59551 37 patchSG0005466.eoe_man Algorithm #2 (sum): 9081 37 patchSG0005466.eoe_man MD5 checksum: 714EBB9A389CF01D13C2D34B3602BE9C Filename: patchSG0005466.eoe_sw Algorithm #1 (sum -r): 12363 16227 patchSG0005466.eoe_sw Algorithm #2 (sum): 29500 16227 patchSG0005466.eoe_sw MD5 checksum: 1BD3F84EE81B6FF4FB4B8A9BD7D941F0 Filename: patchSG0005466.idb Algorithm #1 (sum -r): 64946 33 patchSG0005466.idb Algorithm #2 (sum): 25171 33 patchSG0005466.idb MD5 checksum: 1F9D5AAA5A86CE80C5FA98C5F15A137E Filename: README.patch.5469 Algorithm #1 (sum -r): 27693 8 README.patch.5469 Algorithm #2 (sum): 52602 8 README.patch.5469 MD5 checksum: 1A470F7C4CD02632FC7132689736DE50 Filename: patchSG0005469 Algorithm #1 (sum -r): 22703 3 patchSG0005469 Algorithm #2 (sum): 22023 3 patchSG0005469 MD5 checksum: 7104A2BBADAE8F3BBE86005705F93FF7 Filename: patchSG0005469.eoe_sw Algorithm #1 (sum -r): 02541 12265 patchSG0005469.eoe_sw Algorithm #2 (sum): 20357 12265 patchSG0005469.eoe_sw MD5 checksum: 05B873EC13C489250F06A88C153D3AA6 Filename: patchSG0005469.idb Algorithm #1 (sum -r): 27661 19 patchSG0005469.idb Algorithm #2 (sum): 49603 19 patchSG0005469.idb MD5 checksum: 31C2B092A3995DC3BC857DA15D3D2E51 Filename: README.patch.5509 Algorithm #1 (sum -r): 21540 9 README.patch.5509 Algorithm #2 (sum): 22223 9 README.patch.5509 MD5 checksum: 6E0FB5AEF9F6597240F47483B4D799F2 Filename: patchSG0005509 Algorithm #1 (sum -r): 10924 3 patchSG0005509 Algorithm #2 (sum): 15069 3 patchSG0005509 MD5 checksum: 08CFFAD7346E5EF2D5DF1CF65876C5A8 Filename: patchSG0005509.eoe_man Algorithm #1 (sum -r): 48534 3 patchSG0005509.eoe_man Algorithm #2 (sum): 5221 3 patchSG0005509.eoe_man MD5 checksum: 0B40F03D4E1CC7E0608BD6EC8C3A440F Filename: patchSG0005509.eoe_sw Algorithm #1 (sum -r): 19486 1024 patchSG0005509.eoe_sw Algorithm #2 (sum): 23814 1024 patchSG0005509.eoe_sw MD5 checksum: FA6146A571ADD077359796E39B658D23 Filename: patchSG0005509.idb Algorithm #1 (sum -r): 04913 6 patchSG0005509.idb Algorithm #2 (sum): 34998 6 patchSG0005509.idb MD5 checksum: C35D7D42F038C84686B2A270DED56381 Filename: README.patch.5510 Algorithm #1 (sum -r): 19615 9 README.patch.5510 Algorithm #2 (sum): 31698 9 README.patch.5510 MD5 checksum: 5AB49EA1AB200DDDFE84B57B7E325E70 Filename: patchSG0005510 Algorithm #1 (sum -r): 29707 4 patchSG0005510 Algorithm #2 (sum): 4481 4 patchSG0005510 MD5 checksum: 24EDC959F36DF0A7A168603C9C988902 Filename: patchSG0005510.FDDIXPress_sw Algorithm #1 (sum -r): 41438 1219 patchSG0005510.FDDIXPress_sw Algorithm #2 (sum): 47756 1219 patchSG0005510.FDDIXPress_sw MD5 checksum: C004BBB41698999AD65DC968DBCB6D3C Filename: patchSG0005510.eoe_sw Algorithm #1 (sum -r): 06185 15992 patchSG0005510.eoe_sw Algorithm #2 (sum): 11762 15992 patchSG0005510.eoe_sw MD5 checksum: B4572DE7EE85143DFD4CF8DED2294017 Filename: patchSG0005510.idb Algorithm #1 (sum -r): 17927 33 patchSG0005510.idb Algorithm #2 (sum): 32020 33 patchSG0005510.idb MD5 checksum: 361E9188804A5B72045FCBE85ECDEE93 Filename: README.patch.5513 Algorithm #1 (sum -r): 57969 15 README.patch.5513 Algorithm #2 (sum): 42448 15 README.patch.5513 MD5 checksum: 49DDE63A5628196E5FECB5ADFD740960 Filename: patchSG0005513 Algorithm #1 (sum -r): 52502 2 patchSG0005513 Algorithm #2 (sum): 55340 2 patchSG0005513 MD5 checksum: 0C0ED134B2EC6986A16C203E298A2A9A Filename: patchSG0005513.eoe_sw Algorithm #1 (sum -r): 43778 1026 patchSG0005513.eoe_sw Algorithm #2 (sum): 53850 1026 patchSG0005513.eoe_sw MD5 checksum: 18EE48A63D748F9321AA692D6FD08840 Filename: patchSG0005513.idb Algorithm #1 (sum -r): 31581 7 patchSG0005513.idb Algorithm #2 (sum): 49801 7 patchSG0005513.idb MD5 checksum: 989CBAE1FF6EEF9E900B4665A6E99DF0 - ------------------------ - --- Acknowledgments ---- - ------------------------ SGI wishes to thank the FreeBSD security folks, MIT Lincoln Labs, Lockheed Martin, Iowa State, and Paul Starzetz for their assistance in this matter. - ------------- - --- Links --- - ------------- Patches are available via the web, anonymous FTP and from your SGI service/support provider. SGI Security Advisories can be found at: http://www.sgi.com/support/security/ and ftp://patches.sgi.com/support/free/security/advisories/ SGI Security Patches can be found at: http://www.sgi.com/support/security/ and ftp://patches.sgi.com/support/free/security/advisories/ SGI Security Patches can be found at: http://www.sgi.com/support/security/ and ftp://patches.sgi.com/support/free/security/patches/ SGI patches for IRIX can be found at the following patch servers: http://support.sgi.com/ and ftp://patches.sgi.com/ SGI freeware updates for IRIX can be found at: http://freeware.sgi.com/ SGI fixes for SGI open sourced code can be found on: http://oss.sgi.com/projects/ SGI patches and RPMs for Linux can be found at: http://support.sgi.com/ or http://oss.sgi.com/projects/sgilinux-combined/download/security-fixes/ SGI patches for Windows NT or 2000 can be found at: http://support.sgi.com/ IRIX 5.2-6.4 Recommended/Required Patch Sets can be found at: http://support.sgi.com/ and ftp://patches.sgi.com/support/patchset/ IRIX 6.5 Maintenance Release Streams can be found at: http://support.sgi.com/ IRIX 6.5 Software Update CDs can be obtained from: http://support.sgi.com/ The primary SGI anonymous FTP site for security advisories and patches is patches.sgi.com (216.32.174.211). Security advisories and patches are located under the URL ftp://patches.sgi.com/support/free/security/ For security and patch management reasons, ftp.sgi.com (mirrors patches.sgi.com security FTP repository) lags behind and does not do a real-time update. - ----------------------------------------- - --- SGI Security Information/Contacts --- - ----------------------------------------- If there are questions about this document, email can be sent to security-info@sgi.com. ------oOo------ SGI provides security information and patches for use by the entire SGI community. This information is freely available to any person needing the information and is available via anonymous FTP and the Web. The primary SGI anonymous FTP site for security advisories and patches is patches.sgi.com (216.32.174.211). Security advisories and patches are located under the URL ftp://patches.sgi.com/support/free/security/ The SGI Security Headquarters Web page is accessible at the URL: http://www.sgi.com/support/security/ For issues with the patches on the FTP sites, email can be sent to security-info@sgi.com. For assistance obtaining or working with security patches, please contact your SGI support provider. ------oOo------ SGI provides a free security mailing list service called wiretap and encourages interested parties to self-subscribe to receive (via email) all SGI Security Advisories when they are released. Subscribing to the mailing list can be done via the Web (http://www.sgi.com/support/security/wiretap.html) or by sending email to SGI as outlined below. % mail wiretap-request@sgi.com subscribe wiretap end ^d In the example above, is the email address that you wish the mailing list information sent to. The word end must be on a separate line to indicate the end of the body of the message. The control-d (^d) is used to indicate to the mail program that you are finished composing the mail message. ------oOo------ SGI provides a comprehensive customer World Wide Web site. This site is located at http://www.sgi.com/support/security/ . ------oOo------ If there are general security questions on SGI systems, email can be sent to security-info@sgi.com. For reporting *NEW* SGI security issues, email can be sent to security-alert@sgi.com or contact your SGI support provider. A support contract is not required for submitting a security report. ______________________________________________________________________________ This information is provided freely to all interested parties and may be redistributed provided that it is not altered in any way, SGI is appropriately credited and the document retains and includes its valid PGP signature. -----BEGIN PGP SIGNATURE----- Version: 2.6.2 iQCVAwUBQJk8ZbQ4cFApAP75AQF8swQAoB5gsazkjTT0FXj5C/J+LzagtGfc+j7L 3R7mzV9RfPE/XPPbxaQKt5abkFCcGD7THul6TIJB6noPuR/f25fXzjgI00moyuTX K8LCKNfLy494k887BR5BPDOJyU33mtjR671Yx7HPSczQEyGjlpbODiACM/wQUGmV 0+EjE4Db2WY= =9XL4 -----END PGP SIGNATURE-----