Bugtraq mailing list archives

comp.sys.sgi.bugs: Re: YET another security alert (sigh)


From: hurtta+usenet () OZONE FMI FI (Forwarded by Kari Hurtta)
Date: Tue, 5 Aug 1997 10:41:37 +0300


From: art () kether global-one no (Arthur Hagen)
Subject: Re: YET another security alert (sigh)
Newsgroups: comp.sys.sgi.bugs,comp.sys.sgi.admin
Date: 4 Aug 1997 08:28:01 GMT
Organization: Global One
Reply-To: art () broomstick com
Message-ID: <yd8n2ngl1tf.fsf () hoshi engr sgi com>
References: <33AB2631.41C6 () syntaxgroup it>  <yd8k9iscecm.fsf () hoshi engr sgi com> <5qve9e$ivc$1 () naiad grenet fr>
Path: kronos.fmi.fi!news.funet.fi!news.eunet.fi!EU.net!Norway.EU.net!uninett.no!news.global-one.no!kether!art
Lines: 20
Message-ID: <5s43qh$gn0$2 () bone global-one no>
References: <5rrpbr$l88$4 () bone global-one no> <5rsff3$sj$1 () bone global-one no>
NNTP-Posting-Host: kether.global-one.no
Xref: kronos.fmi.fi comp.sys.sgi.bugs:3926 comp.sys.sgi.admin:49713


Furthermore on the html/privileges exploit:

Because I think it unlikely there will be a fix to this any time soon,
it would help if people running proxy servers set the servers up to
filter these MIME types:

application/x-sgi-exec          exts=edf
application/x-sgi-task          exts=tdf

and it probably wouldn't hurt to block the other application/x-sgi-
MIME types too:

type=application/x-sgi-catalog  exts=cdf
type=application/x-sgi-glossary exts=gloss
type=application/x-sgi-lpr      exts=sgi-lpr

Regards,
--
*Art
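
A sketch of the filtering decision the post recommends for a proxy, added here as an example (it is not code from the original message or from any proxy product). The function names, the fallback check on the URL's file extension, and the sample requests are assumptions made for illustration.

```python
import posixpath
from urllib.parse import urlsplit, unquote

# MIME types and extensions named in the post above.
EXEC_TYPES = {"application/x-sgi-exec": "edf", "application/x-sgi-task": "tdf"}
OTHER_TYPES = {
    "application/x-sgi-catalog": "cdf",
    "application/x-sgi-glossary": "gloss",
    "application/x-sgi-lpr": "sgi-lpr",
}
SGI_PREFIX = "application/x-sgi-"

def media_type(content_type):
    """Lowercased type/subtype with parameters and whitespace removed."""
    return (content_type or "").split(";", 1)[0].strip().lower()

def url_extension(url):
    """Lowercased extension of the URL path, ignoring query and %-encoding."""
    path = unquote(urlsplit(url).path).rstrip("/")
    return posixpath.splitext(path)[1].lstrip(".").lower()

def should_block(url, content_type, block_all_sgi=True):
    """Return a reason string if the response should be filtered, else None."""
    mtype = media_type(content_type)
    ext = url_extension(url)
    listed = dict(EXEC_TYPES)
    if block_all_sgi:
        listed.update(OTHER_TYPES)
    if mtype in listed or (block_all_sgi and mtype.startswith(SGI_PREFIX)):
        return "mime:" + mtype
    # Assumption: also match on extension, in case the origin server
    # labels the file with a generic type such as text/plain.
    if ext in listed.values():
        return "ext:" + ext
    return None

# Constructed sample requests (URL, Content-Type header); not real traffic.
SAMPLES = [
    ("http://example.test/tools/setup.edf", "application/x-sgi-exec"),
    ("http://example.test/page.html", "Application/X-SGI-Task; charset=us-ascii"),
    ("http://example.test/a/job.TDF?x=1", "text/plain"),
    ("http://example.test/help.gloss", "application/octet-stream"),
    ("http://example.test/index.html", "text/html"),
]

if __name__ == "__main__":
    for url, ctype in SAMPLES:
        print(url, ctype, "->", should_block(url, ctype))
```

Matching on the `cdf` extension can also catch unrelated formats that use the same suffix, so a deployment may prefer `block_all_sgi=False` or MIME-only matching for that entry.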


