Bugtraq mailing list archives
Re: IRIX routed(1M) Vulnerability
From: Alfred_Huger () NAI COM (Huger, Alfred)
Date: Wed, 21 Oct 1998 15:52:12 -0700
-----Original Message----- From: SGI Security Coordinator [SMTP:agent99 () BOYTOY CSD SGI COM] Sent: Wednesday, October 21, 1998 2:38 PM To: BUGTRAQ () netspace org Subject: IRIX routed(1M) Vulnerability -----BEGIN PGP SIGNED MESSAGE----- __________________________________________________________________________ ____ Silicon Graphics Inc. Security Advisory Title: IRIX routed(1M) Vulnerability Number: 19981004-01-PX Date: October 21, 1998 __________________________________________________________________________ ____ Silicon Graphics provides this information freely to the SGI user community for its consideration, interpretation, implementation and use. Silicon Graphics recommends that this information be acted upon as soon as possible.
[Huger, Alfred] The following is a re-post of something I sent in early January - it seems relevant given this 'new' advisory. (This is regards to an IBM advisory) After a quick look and asking around a bit, I have a little more information on which OS's appear to be vulnerable (and not vulnerable) to this attack. SunOS 5.5 / Appears not vulnerable BSDI 2.1 / Appears not vulnerable Slackware Linux 2.0.29 / Appears not vulnerable IRIX 5.2-5.3-6.2 / Vulnerable NetBSD 1.2 / Vulnerable OpenBSD / Appears not vulnerable FreeBSD 2.2.2 / Appears not vulnerable Ultrix 4.3 / Appears vulnerable This is by no means an exhaustive list, just what I had access to test quickly (with the exception of Ultrix which was tested by someone else). For what it is worth Theo Deraadt had this fixed in OpenBSD some time ago. He also, if I heard him correctly, discovered and reported this bug to someone at SGI years ago. (He actually reported in 1987.....) Alfred Huger Network Associates
Current thread:
- IRIX routed(1M) Vulnerability SGI Security Coordinator (Oct 21)
- <Possible follow-ups>
- Re: IRIX routed(1M) Vulnerability Huger, Alfred (Oct 21)