Re: Telnet vulnerability--shared library loading

[hartmans () MIT EDU (Sam Hartman)]

The following message is a courtesy copy of an article
that has been posted as well.

In article <478u9f$5r6 () d2 tufts edu> jrozes () gumbo tcs tufts edu (Jonathan Rozes) writes:


    Jonathan> In article <tslvip5w6eh.fsf () tertius mit edu>,
    Jonathan> hartmans () MIT EDU (Sam Hartman) writes:

    >> * An SGI patch is available at ftp://sgigate.sgi.com/security/.

    Jonathan> The newest files I saw there are from August -- nothing
    Jonathan> relevant to this problem. Anybody know where the patch
    Jonathan> (for 5.3) really is?

        As the last-minute update I prepended to my announcement
indicated, there was some communication problems: I was expecting an
Oct. 31 CERT advisory including an announcement of a patch from SGI.
In previous mail, SGI indicated to me that the patch, when it became
available would go in that directory.  When CERT finally announced the
problem, they simply included SGI's official acknowledgement that they
were investigating the problem.

        There could be several reasons why they were unable to or
chose not to release the patch; I would rather not speculate.
Basically, my information is outdated.  Now that CERT has released
their advisory, I would use their vendor information as it is more
current than what I had in most instances.

    Jonathan> jonathan -- +++ Jonathan Rozes, Unix Systems Programmer,
    Jonathan> Tufts University ++ jrozes () tcs tufts edu,
    Jonathan> http://gumbo.tcs.tufts.edu/~jrozes/ + Mind Over Liver:
    Jonathan> The liver probably contains 100 million cells, but 1,000
    Jonathan> livers do not add up to a rich inner life. <GDF:SA
    Jonathan> 09/92>