Home page logo
/

bugtraq logo Bugtraq mailing list archives

X Windows zlib/MIT-SHM/huge font DoS vulnerabilities
From: SGI Security Coordinator <agent99 () sgi com>
Date: Tue, 15 Oct 2002 19:22:30 -0700 (PDT)

-----BEGIN PGP SIGNED MESSAGE-----


______________________________________________________________________________
                          SGI Security Advisory

        Title:   X Windows zlib/MIT-SHM/huge font DoS vulnerabilities
        Number:  20021001-01-P
          Date:  October 15, 2002
    References:  CVE CAN-2002-164
    References:  CVE CVE-2002-0059
    References:  CERT CA-2002-07

______________________________________________________________________________

- -----------------------
- --- Issue Specifics ---
- -----------------------

This bulletin covers several graphics-related security issues:

  o  It's been reported that the zlib libraries that ship with x_eoe
     have a "double free" vulnerability.

     See: http://www.kb.cert.org/vuls/id/368819

  o  It's been reported that the IRIX X server has security vulnerabilities.

     1) Under certain conditions, Mozilla can cause the X server to crash.

     See:  http://web.lemuria.org/security/mozilla-dos.html for details.

     2) There is a vulnerability in the MIT-SHM code that can allow a local
        user to read or write to any SHM segment.

     See: http://www.linuxsecurity.com/advisories/caldera_advisory-2006.html


SGI has investigated the issue and recommends the following steps for
neutralizing the exposure.  It is HIGHLY RECOMMENDED that these measures be
implemented on ALL vulnerable SGI systems.

These issues have been corrected in future releases of IRIX and with patches.


- --------------
- --- Impact ---
- --------------

The X server (/usr/bin/X11/Xsgi) is installed by default on IRIX 6.5 systems
as part of x_eoe.sw.Server.

To determine the version of IRIX you are running, execute the following
command:

  # uname -R

That will return a result similar to the following:

  # 6.5 6.5.16f

The first number ("6.5") is the release name, the second ("6.5.15f" in this
case) is the extended release name.  The extended release name is the
"version" we refer to throughout this document.

Exploitation of these vulnerabilities can result in a root compromise or a
Denial of Service attack.  A local account is required to exploit these
vulnerabilities.

- ----------------------------
- --- Temporary Workaround ---
- ----------------------------

There is no good workaround available for these problems if running in
graphical mode is desired.  SGI recommends either upgrading to IRIX 6.5.18
when it is released, or installing the appropriate patch from the listing
below.

If running in graphical mode is not needed, you can execute the command
"/usr/gfx/stopgfx" and it will turn the windowsystem configuration flag off,
kill the X server, and keep it from being restarted on next boot.


- ----------------
- --- Solution ---
- ----------------

SGI has provided a series of patches for these vulnerabilities. Our
recommendation is to upgrade to IRIX 6.5.18 when available, or install the
appropriate patch.

   OS Version     Vulnerable?     Patch #      Other Actions
   ----------     -----------     -------      -------------
   IRIX 3.x        unknown                     Note 1
   IRIX 4.x        unknown                     Note 1
   IRIX 5.x        unknown                     Note 1
   IRIX 6.0.x      unknown                     Note 1
   IRIX 6.1        unknown                     Note 1
   IRIX 6.2        unknown                     Note 1
   IRIX 6.3        unknown                     Note 1
   IRIX 6.4        unknown                     Note 1
   IRIX 6.5          yes                       Notes 2 & 3
   IRIX 6.5.1        yes                       Notes 2 & 3
   IRIX 6.5.2        yes                       Notes 2 & 3
   IRIX 6.5.3        yes                       Notes 2 & 3
   IRIX 6.5.4        yes                       Notes 2 & 3
   IRIX 6.5.5        yes                       Notes 2 & 3
   IRIX 6.5.6        yes                       Notes 2 & 3
   IRIX 6.5.7        yes                       Notes 2 & 3
   IRIX 6.5.8        yes                       Notes 2 & 3
   IRIX 6.5.9        yes                       Notes 2 & 3
   IRIX 6.5.10       yes                       Notes 2 & 3
   IRIX 6.5.11       yes                       Notes 2 & 3
   IRIX 6.5.12       yes                       Notes 2 & 3
   IRIX 6.5.13m      yes          4709
   IRIX 6.5.13f      yes          4710
   IRIX 6.5.14m      yes          4648
   IRIX 6.5.14f      yes          4649
   IRIX 6.5.15m      yes          4648
   IRIX 6.5.15f      yes          4649
   IRIX 6.5.16m      yes          4663
   IRIX 6.5.16f      yes          4664
   IRIX 6.5.17m      yes          4757
   IRIX 6.5.17f      yes          4758


   NOTES

     1) This version of the IRIX operating has been retired. Upgrade to an
        actively supported IRIX operating system.  See
        http://support.sgi.com/irix/news/index.html#policy for more
        information.

     2) If you have not received an IRIX 6.5.X CD for IRIX 6.5, contact your
        SGI Support Provider or URL: http://support.sgi.com/irix/swupdates/

     3) Upgrade to IRIX 6.5.18.

                ##### Patch File Checksums ####

The actual patch will be a tar file containing the following files:

Filename:                 README.patch.4648
Algorithm #1 (sum -r):    19648 15 README.patch.4648
Algorithm #2 (sum):       13125 15 README.patch.4648
MD5 checksum:             763290A0BE49E2567CCF38B549B44A12

Filename:                 patch4648.chksums.only
Algorithm #1 (sum -r):    63642 4 patch4648.chksums.only
Algorithm #2 (sum):       3489 4 patch4648.chksums.only
MD5 checksum:             57F22AC9C442B369CA97B5FE40B1FFD3

Filename:                 patch4648.pgp.and.chksums
Algorithm #1 (sum -r):    19096 14 patch4648.pgp.and.chksums
Algorithm #2 (sum):       35174 14 patch4648.pgp.and.chksums
MD5 checksum:             C1850DF90F1B478954029EB25B56A797

Filename:                 patchSG0004648
Algorithm #1 (sum -r):    28932 12 patchSG0004648
Algorithm #2 (sum):       14723 12 patchSG0004648
MD5 checksum:             3BB3B908AC0F03B03E18B997BA141D87

Filename:                 patchSG0004648.dev_sw
Algorithm #1 (sum -r):    16294 4954 patchSG0004648.dev_sw
Algorithm #2 (sum):       55525 4954 patchSG0004648.dev_sw
MD5 checksum:             C14692DA3EB8C12BA8BD3E0348FFA293

Filename:                 patchSG0004648.dmedia_dev_sw
Algorithm #1 (sum -r):    54547 1427 patchSG0004648.dmedia_dev_sw
Algorithm #2 (sum):       12560 1427 patchSG0004648.dmedia_dev_sw
MD5 checksum:             6EC5EA9017F67D10FC235F4B4715D60A

Filename:                 patchSG0004648.dmedia_eoe_sw
Algorithm #1 (sum -r):    14809 1058 patchSG0004648.dmedia_eoe_sw
Algorithm #2 (sum):       17027 1058 patchSG0004648.dmedia_eoe_sw
MD5 checksum:             75C87688D66029FD8A577494ED78E6CA

Filename:                 patchSG0004648.idb
Algorithm #1 (sum -r):    45557 10 patchSG0004648.idb
Algorithm #2 (sum):       57173 10 patchSG0004648.idb
MD5 checksum:             3C3BC01AEB6866C663EED9639D8198E0

Filename:                 patchSG0004648.x_dev_sw
Algorithm #1 (sum -r):    51347 2830 patchSG0004648.x_dev_sw
Algorithm #2 (sum):       55679 2830 patchSG0004648.x_dev_sw
MD5 checksum:             D3690E5AC5CB9D5E0807660A1EF55C2B

Filename:                 patchSG0004648.x_dev_sw64
Algorithm #1 (sum -r):    23224 1766 patchSG0004648.x_dev_sw64
Algorithm #2 (sum):       2654 1766 patchSG0004648.x_dev_sw64
MD5 checksum:             8E19C61F4CD34B6930490C6724E592E3

Filename:                 patchSG0004648.x_eoe_sw
Algorithm #1 (sum -r):    31097 19287 patchSG0004648.x_eoe_sw
Algorithm #2 (sum):       47280 19287 patchSG0004648.x_eoe_sw
MD5 checksum:             D4B3827EBBDC14A320E12818EC409EB3

Filename:                 patchSG0004648.x_eoe_sw64
Algorithm #1 (sum -r):    05516 3872 patchSG0004648.x_eoe_sw64
Algorithm #2 (sum):       41234 3872 patchSG0004648.x_eoe_sw64
MD5 checksum:             EDFE10A12E6AFC0D0846DA9B5BFF1FB0

Filename:                 README.patch.4649
Algorithm #1 (sum -r):    07444 15 README.patch.4649
Algorithm #2 (sum):       13141 15 README.patch.4649
MD5 checksum:             C5538980016C96C3D1E60F1F86298AAE

Filename:                 patchSG0004649
Algorithm #1 (sum -r):    47428 12 patchSG0004649
Algorithm #2 (sum):       14587 12 patchSG0004649
MD5 checksum:             4C416CCBF8169CCD41183AA952BF68E5

Filename:                 patchSG0004649.dev_sw
Algorithm #1 (sum -r):    44079 4956 patchSG0004649.dev_sw
Algorithm #2 (sum):       10141 4956 patchSG0004649.dev_sw
MD5 checksum:             AFA1E08A8C3C5A251F9097CE11248E3B

Filename:                 patchSG0004649.dmedia_dev_sw
Algorithm #1 (sum -r):    11964 1428 patchSG0004649.dmedia_dev_sw
Algorithm #2 (sum):       38664 1428 patchSG0004649.dmedia_dev_sw
MD5 checksum:             EF0DAF20D2294F9C35E4D01FA7769D0E

Filename:                 patchSG0004649.dmedia_eoe_sw
Algorithm #1 (sum -r):    39189 1058 patchSG0004649.dmedia_eoe_sw
Algorithm #2 (sum):       14792 1058 patchSG0004649.dmedia_eoe_sw
MD5 checksum:             6E83F4B6D9B59FD50197B789ED79D52B

Filename:                 patchSG0004649.idb
Algorithm #1 (sum -r):    37792 10 patchSG0004649.idb
Algorithm #2 (sum):       51498 10 patchSG0004649.idb
MD5 checksum:             F9182410F6DA9FF347D3DAA4D6372F8A

Filename:                 patchSG0004649.x_dev_sw
Algorithm #1 (sum -r):    57772 2831 patchSG0004649.x_dev_sw
Algorithm #2 (sum):       3606 2831 patchSG0004649.x_dev_sw
MD5 checksum:             2B8752ABCCB9D4178CD7EA5595ED4B27

Filename:                 patchSG0004649.x_dev_sw64
Algorithm #1 (sum -r):    09443 1767 patchSG0004649.x_dev_sw64
Algorithm #2 (sum):       12618 1767 patchSG0004649.x_dev_sw64
MD5 checksum:             519B9D3CF7C561C33E66E58C04E355F8

Filename:                 patchSG0004649.x_eoe_sw
Algorithm #1 (sum -r):    45988 19291 patchSG0004649.x_eoe_sw
Algorithm #2 (sum):       55233 19291 patchSG0004649.x_eoe_sw
MD5 checksum:             C47659D9AFA1B1D8A980AEBF3369FC7D

Filename:                 patchSG0004649.x_eoe_sw64
Algorithm #1 (sum -r):    63429 3914 patchSG0004649.x_eoe_sw64
Algorithm #2 (sum):       42601 3914 patchSG0004649.x_eoe_sw64
MD5 checksum:             7FEB20B624CDF12994963466B8339E0F

Filename:                 README.patch.4663
Algorithm #1 (sum -r):    20333 12 README.patch.4663
Algorithm #2 (sum):       7518 12 README.patch.4663
MD5 checksum:             D015F7A81554A08D88B75A190BA5EF23

Filename:                 patchSG0004663
Algorithm #1 (sum -r):    26976 8 patchSG0004663
Algorithm #2 (sum):       51679 8 patchSG0004663
MD5 checksum:             3127F7F8CD6D3859C329478F29989509

Filename:                 patchSG0004663.dev_sw
Algorithm #1 (sum -r):    50053 4944 patchSG0004663.dev_sw
Algorithm #2 (sum):       1123 4944 patchSG0004663.dev_sw
MD5 checksum:             612336109805B45764EB5EA9F997C27E

Filename:                 patchSG0004663.dmedia_eoe_sw
Algorithm #1 (sum -r):    09775 2052 patchSG0004663.dmedia_eoe_sw
Algorithm #2 (sum):       15288 2052 patchSG0004663.dmedia_eoe_sw
MD5 checksum:             7B78D73D67C80D9F37FE132134E55AE2

Filename:                 patchSG0004663.idb
Algorithm #1 (sum -r):    06345 9 patchSG0004663.idb
Algorithm #2 (sum):       20713 9 patchSG0004663.idb
MD5 checksum:             C9A228449A0D5A8F78B3D3DE31FDC789

Filename:                 patchSG0004663.x_dev_sw
Algorithm #1 (sum -r):    29626 2912 patchSG0004663.x_dev_sw
Algorithm #2 (sum):       22721 2912 patchSG0004663.x_dev_sw
MD5 checksum:             1AD91E3743B44EB9D239A7FF8B3DCCBE

Filename:                 patchSG0004663.x_dev_sw64
Algorithm #1 (sum -r):    50100 1768 patchSG0004663.x_dev_sw64
Algorithm #2 (sum):       37585 1768 patchSG0004663.x_dev_sw64
MD5 checksum:             F01B4440B72B7C355F0083BCBD02AB62

Filename:                 patchSG0004663.x_eoe_sw
Algorithm #1 (sum -r):    39553 17149 patchSG0004663.x_eoe_sw
Algorithm #2 (sum):       7971 17149 patchSG0004663.x_eoe_sw
MD5 checksum:             F8677AF45C45F8BCC628A9B4B72E1C36

Filename:                 patchSG0004663.x_eoe_sw64
Algorithm #1 (sum -r):    28690 3895 patchSG0004663.x_eoe_sw64
Algorithm #2 (sum):       43249 3895 patchSG0004663.x_eoe_sw64
MD5 checksum:             E9D8885D8D0EABD464D622A6B8C20A0B

Filename:                 README.patch.4664
Algorithm #1 (sum -r):    52142 12 README.patch.4664
Algorithm #2 (sum):       7572 12 README.patch.4664
MD5 checksum:             5D4E5F9F443D4BFAA5B16B87EE04FF82

Filename:                 patchSG0004664
Algorithm #1 (sum -r):    16851 8 patchSG0004664
Algorithm #2 (sum):       58003 8 patchSG0004664
MD5 checksum:             F1FDDAED26791293E2C40CA11309EE73

Filename:                 patchSG0004664.dev_sw
Algorithm #1 (sum -r):    06665 4969 patchSG0004664.dev_sw
Algorithm #2 (sum):       61714 4969 patchSG0004664.dev_sw
MD5 checksum:             C3C1B3F7027E8CFA2007C270BDBB98C9

Filename:                 patchSG0004664.dmedia_eoe_sw
Algorithm #1 (sum -r):    37664 2052 patchSG0004664.dmedia_eoe_sw
Algorithm #2 (sum):       46869 2052 patchSG0004664.dmedia_eoe_sw
MD5 checksum:             23562ECDE183910E728C5D082B280352

Filename:                 patchSG0004664.idb
Algorithm #1 (sum -r):    17964 9 patchSG0004664.idb
Algorithm #2 (sum):       20986 9 patchSG0004664.idb
MD5 checksum:             64ECD84929751DD84934FD0B92A92AA7

Filename:                 patchSG0004664.x_dev_sw
Algorithm #1 (sum -r):    17678 2912 patchSG0004664.x_dev_sw
Algorithm #2 (sum):       37775 2912 patchSG0004664.x_dev_sw
MD5 checksum:             547263071E4481C4FE7C72B5CB988837

Filename:                 patchSG0004664.x_dev_sw64
Algorithm #1 (sum -r):    51740 1771 patchSG0004664.x_dev_sw64
Algorithm #2 (sum):       30768 1771 patchSG0004664.x_dev_sw64
MD5 checksum:             D4078363D7F450D5907B98D61F12C4A5

Filename:                 patchSG0004664.x_eoe_sw
Algorithm #1 (sum -r):    56676 17144 patchSG0004664.x_eoe_sw
Algorithm #2 (sum):       42847 17144 patchSG0004664.x_eoe_sw
MD5 checksum:             A8894B977CFEB0CEEE115CD252BB2D6D

Filename:                 patchSG0004664.x_eoe_sw64
Algorithm #1 (sum -r):    44535 3903 patchSG0004664.x_eoe_sw64
Algorithm #2 (sum):       13310 3903 patchSG0004664.x_eoe_sw64
MD5 checksum:             E564EA0AFB18EF77A67BB1E90C67346C

Filename:                 README.patch.4709
Algorithm #1 (sum -r):    54795 10 README.patch.4709
Algorithm #2 (sum):       5764 10 README.patch.4709
MD5 checksum:             02B6646BEAD5220EB028B8DDA890FC45

Filename:                 patchSG0004709
Algorithm #1 (sum -r):    19667 5 patchSG0004709
Algorithm #2 (sum):       13760 5 patchSG0004709
MD5 checksum:             8779F029143A7E7A0C2463D2817F75ED

Filename:                 patchSG0004709.dmedia_eoe_sw
Algorithm #1 (sum -r):    55325 2024 patchSG0004709.dmedia_eoe_sw
Algorithm #2 (sum):       54859 2024 patchSG0004709.dmedia_eoe_sw
MD5 checksum:             4C3798409C8C8208CF4CBE0458C9BBC4

Filename:                 patchSG0004709.idb
Algorithm #1 (sum -r):    13705 5 patchSG0004709.idb
Algorithm #2 (sum):       59734 5 patchSG0004709.idb
MD5 checksum:             82DE19E57E969FD31BDF129F4EC20208

Filename:                 patchSG0004709.x_dev_sw
Algorithm #1 (sum -r):    40202 240 patchSG0004709.x_dev_sw
Algorithm #2 (sum):       38774 240 patchSG0004709.x_dev_sw
MD5 checksum:             9EF6548A89FFBF6E0C55DBAD86F90EF8

Filename:                 patchSG0004709.x_dev_sw64
Algorithm #1 (sum -r):    09364 151 patchSG0004709.x_dev_sw64
Algorithm #2 (sum):       24763 151 patchSG0004709.x_dev_sw64
MD5 checksum:             F5123FBF8FB1E7D40C0AE76B32B30A35

Filename:                 patchSG0004709.x_eoe_sw
Algorithm #1 (sum -r):    63497 11653 patchSG0004709.x_eoe_sw
Algorithm #2 (sum):       55851 11653 patchSG0004709.x_eoe_sw
MD5 checksum:             C044A9D8826209D129CA408A2942EE9C

Filename:                 README.patch.4710
Algorithm #1 (sum -r):    33104 10 README.patch.4710
Algorithm #2 (sum):       5672 10 README.patch.4710
MD5 checksum:             FF470C94A047A26BE948B1B6B395D0BA

Filename:                 patchSG0004710
Algorithm #1 (sum -r):    54983 5 patchSG0004710
Algorithm #2 (sum):       18095 5 patchSG0004710
MD5 checksum:             8BBA0355F5697B25AD14FC0F77F4DBB3

Filename:                 patchSG0004710.dmedia_eoe_sw
Algorithm #1 (sum -r):    58724 2030 patchSG0004710.dmedia_eoe_sw
Algorithm #2 (sum):       54553 2030 patchSG0004710.dmedia_eoe_sw
MD5 checksum:             250A8F059CC1CBED9103B817CDA55DFB

Filename:                 patchSG0004710.idb
Algorithm #1 (sum -r):    37173 5 patchSG0004710.idb
Algorithm #2 (sum):       60119 5 patchSG0004710.idb
MD5 checksum:             AA92D95A35FD3E871BF66D29294186C2

Filename:                 patchSG0004710.x_dev_sw
Algorithm #1 (sum -r):    43943 240 patchSG0004710.x_dev_sw
Algorithm #2 (sum):       18781 240 patchSG0004710.x_dev_sw
MD5 checksum:             B2F06D058040310C5C67A254080F5734

Filename:                 patchSG0004710.x_dev_sw64
Algorithm #1 (sum -r):    34551 151 patchSG0004710.x_dev_sw64
Algorithm #2 (sum):       20425 151 patchSG0004710.x_dev_sw64
MD5 checksum:             2DBE25A690C2F18A5643DE82256C6841

Filename:                 patchSG0004710.x_eoe_sw
Algorithm #1 (sum -r):    35591 11635 patchSG0004710.x_eoe_sw
Algorithm #2 (sum):       55324 11635 patchSG0004710.x_eoe_sw
MD5 checksum:             64183364C94F0D08BFD70960A7D7AE0D

Filename:                 README.patch.4757
Algorithm #1 (sum -r):    31919 9 README.patch.4757
Algorithm #2 (sum):       6853 9 README.patch.4757
MD5 checksum:             59C90A013D404F56C60BECF6E49F9532

Filename:                 patchSG0004757
Algorithm #1 (sum -r):    51651 2 patchSG0004757
Algorithm #2 (sum):       43183 2 patchSG0004757
MD5 checksum:             F035444DC5A27037DBAB67138505A8AF

Filename:                 patchSG0004757.idb
Algorithm #1 (sum -r):    38944 3 patchSG0004757.idb
Algorithm #2 (sum):       51661 3 patchSG0004757.idb
MD5 checksum:             D8D62F8BBEC9B4660D1EA726B57F8AA9

Filename:                 patchSG0004757.x_eoe_sw
Algorithm #1 (sum -r):    18457 11235 patchSG0004757.x_eoe_sw
Algorithm #2 (sum):       12989 11235 patchSG0004757.x_eoe_sw
MD5 checksum:             35BE4F4C9FE12BCB2489A56EC14EDD07

Filename:                 README.patch.4758
Algorithm #1 (sum -r):    07884 9 README.patch.4758
Algorithm #2 (sum):       6869 9 README.patch.4758
MD5 checksum:             8BADEE8856A97B2F67AB7CB8C6A74D4B

Filename:                 patchSG0004758
Algorithm #1 (sum -r):    15890 2 patchSG0004758
Algorithm #2 (sum):       40799 2 patchSG0004758
MD5 checksum:             A362C93D014DFBE7E881038BA959BF04

Filename:                 patchSG0004758.idb
Algorithm #1 (sum -r):    63456 3 patchSG0004758.idb
Algorithm #2 (sum):       51709 3 patchSG0004758.idb
MD5 checksum:             7DDE5D803277DCA82EFB33D63DFA5DB9

Filename:                 patchSG0004758.x_eoe_sw
Algorithm #1 (sum -r):    33795 11219 patchSG0004758.x_eoe_sw
Algorithm #2 (sum):       16001 11219 patchSG0004758.x_eoe_sw
MD5 checksum:             B3D9040A5B1FE3A546860AA8CB0B0F1B


- ------------------
- --- References ---
- ------------------

SGI Security Advisories can be found at:
http://www.sgi.com/support/security/ and
ftp://patches.sgi.com/support/free/security/advisories/

SGI Security Patches can be found at:
http://www.sgi.com/support/security/ and
ftp://patches.sgi.com/support/free/security/patches/

SGI patches for IRIX can be found at the following patch servers:
http://support.sgi.com/irix/ and ftp://patches.sgi.com/

SGI freeware updates for IRIX can be found at:
http://freeware.sgi.com/

SGI fixes for SGI open sourced code can be found on:
http://oss.sgi.com/projects/

SGI patches and RPMs for Linux can be found at:
http://support.sgi.com/linux/ or
http://oss.sgi.com/projects/sgilinux-combined/download/security-fixes/

SGI patches for Windows NT or 2000 can be found at:
http://support.sgi.com/nt/

IRIX 5.2-6.4 Recommended/Required Patch Sets can be found at:
http://support.sgi.com/irix/ and ftp://patches.sgi.com/support/patchset/

IRIX 6.5 Maintenance Release Streams can be found at:
http://support.sgi.com/colls/patches/tools/relstream/index.html

IRIX 6.5 Software Update CDs can be obtained from:
http://support.sgi.com/irix/swupdates/

The primary SGI anonymous FTP site for security advisories and patches is
patches.sgi.com (216.32.174.211).  Security advisories and patches are
located under the URL ftp://patches.sgi.com/support/free/security/

For security and patch management reasons, ftp.sgi.com (mirrors
patches.sgi.com security FTP repository) lags behind and does not do a
real-time update.


- ------------------------
- --- Acknowledgments ----
- ------------------------

SGI wishes to thank FIRST and the users of the Internet Community at large
for their assistance in this matter.

- -----------------------------------------
- --- SGI Security Information/Contacts ---
- -----------------------------------------

If there are questions about this document, email can be sent to
security-info () sgi com 

                      ------oOo------

SGI provides security information and patches for use by the entire SGI
community.  This information is freely available to any person needing the
information and is available via anonymous FTP and the Web.

The primary SGI anonymous FTP site for security advisories and patches is
patches.sgi.com (216.32.174.211).  Security advisories and patches are
located under the URL ftp://patches.sgi.com/support/free/security/

The SGI Security Headquarters Web page is accessible at the URL:
http://www.sgi.com/support/security/

For issues with the patches on the FTP sites, email can be sent to
security-info () sgi com 

For assistance obtaining or working with security patches, please
contact your SGI support provider.

                      ------oOo------

SGI provides a free security mailing list service called wiretap and
encourages interested parties to self-subscribe to receive (via email) all
SGI Security Advisories when they are released. Subscribing to the mailing
list can be done via the Web
(http://www.sgi.com/support/security/wiretap.html) or by sending email to
SGI as outlined below.

% mail wiretap-request () sgi com
subscribe wiretap <YourEmailAddress>
end
^d

In the example above, <YourEmailAddress> is the email address that you wish
the mailing list information sent to.  The word end must be on a separate
line to indicate the end of the body of the message. The control-d (^d) is
used to indicate to the mail program that you are finished composing the
mail message.


                      ------oOo------

SGI provides a comprehensive customer World Wide Web site. This site is
located at http://www.sgi.com/support/security/ .

                      ------oOo------

If there are general security questions on SGI systems, email can be sent to
security-info () sgi com 

For reporting *NEW* SGI security issues, email can be sent to
security-alert () sgi com or contact your SGI support provider.  A support
contract is not required for submitting a security report.

______________________________________________________________________________
      This information is provided freely to all interested parties
      and may be redistributed provided that it is not altered in any
      way, SGI is appropriately credited and the document retains and
      includes its valid PGP signature.


-----BEGIN PGP SIGNATURE-----
Version: 2.6.2

iQCVAwUBPazMZ7Q4cFApAP75AQGwoAQAt5RnCzFpb+Q+NbFHaVqUqFIm6IdSPoBw
Kp+G4mH8CXkpE7jtEtaTtAA0Rcm+vdnW3FiL7VGzZzdjd49bklXCCwZiRsxHsHv3
vIBj5/O+qEFcYDOVWfWQaZA/G9RJKpfPh+4YGbt60C1gGfswlVopmxG0O9kCrJc8
280a+eCuSA0=
=v/zn
-----END PGP SIGNATURE-----


  By Date           By Thread  

Current thread:
  • X Windows zlib/MIT-SHM/huge font DoS vulnerabilities SGI Security Coordinator (Oct 16)
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]
AlienVault