Home page logo

bugtraq logo Bugtraq mailing list archives

Re: IRIX routed(1M) Vulnerability
From: Alfred_Huger () NAI COM (Huger, Alfred)
Date: Wed, 21 Oct 1998 15:52:12 -0700

-----Original Message-----
From: SGI Security Coordinator [SMTP:agent99 () BOYTOY CSD SGI COM]
Sent: Wednesday, October 21, 1998 2:38 PM
To:   BUGTRAQ () netspace org
Subject:      IRIX routed(1M) Vulnerability


                Silicon Graphics Inc. Security Advisory

        Title:   IRIX routed(1M) Vulnerability
        Number:  19981004-01-PX
        Date:    October 21, 1998

Silicon Graphics provides this information freely to the SGI user
for its consideration, interpretation, implementation and use.   Silicon
Graphics recommends that this information be acted upon as soon as

        [Huger, Alfred]
        The following is a re-post of something I sent in early January - it
seems relevant given this 'new' advisory.

        (This is regards to an IBM advisory)

After a quick look and asking around a bit, I have a little more
information on which OS's appear to be vulnerable (and not vulnerable) to
this attack.

SunOS 5.5 / Appears not vulnerable
BSDI 2.1 / Appears not vulnerable
Slackware Linux 2.0.29 / Appears not vulnerable
IRIX 5.2-5.3-6.2 / Vulnerable
NetBSD 1.2 / Vulnerable
OpenBSD / Appears not vulnerable
FreeBSD 2.2.2 / Appears not vulnerable
Ultrix 4.3 / Appears vulnerable

This is by no means an exhaustive list, just what I had access to test
quickly (with the exception of Ultrix which was tested by someone else).
For what it is worth Theo Deraadt had this fixed in OpenBSD some time ago.
He also, if I heard him correctly, discovered and reported this bug to
someone at SGI years ago. (He actually reported in 1987.....)

Alfred Huger
Network Associates

  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]