[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
[irix-security] IRIX Mail, mailx, timed and sort vulnerabilities
- To: irix-security@sfu.ca
- Subject: [irix-security] IRIX Mail, mailx, timed and sort vulnerabilities
- From: Martin Siegert <siegert@sfu.ca>
- Date: Wed, 5 Jun 2002 19:09:46 -0700
- User-Agent: Mutt/1.2.5.1i
Topic
=====
Vulnerabilities in various utilities can lead to root exploits.
The timed vulnerability can lead to a remote root exploit.
Problem Description
===================
Certain standard utilities in IRIX had security issues:
o "mailx" and "Mail" could be made to dump core
o "sort" was using predictably-named temporary files
o "timed" could die when sent null packets
o "gzip" had a buffer overflow vulnerability
These vulnerabilities could lead to a denial-of-service or root exploit.
In the case of Mail/mailx, a local account may not be required.
These utilities are all installed by default on all IRIX 6.5 systems.
The timed vulnerability may be exploited by a remote user, and no local
account is required.
The mailx, Mail, sort and gzip vulnerabilities require a local account in
order to be exploited.
Solution
========
SGI has provided patches for these vulnerabilities. Our recommendation is
to upgrade to IRIX 6.5.16 when available, or install the appropriate patch.
OS Version Vulnerable? Patch #
---------- ----------- -------
IRIX 6.5 yes
IRIX 6.5.1 yes
IRIX 6.5.2 yes
IRIX 6.5.3 yes
IRIX 6.5.4 yes
IRIX 6.5.5 yes
IRIX 6.5.6 yes
IRIX 6.5.7 yes
IRIX 6.5.8 yes
IRIX 6.5.9 yes
IRIX 6.5.10 yes
IRIX 6.5.11m yes
IRIX 6.5.11f yes
IRIX 6.5.12m yes 4534
IRIX 6.5.12f yes 4535
IRIX 6.5.13m yes 4534
IRIX 6.5.13f yes 4535
IRIX 6.5.14m yes 4534
IRIX 6.5.14f yes 4535
IRIX 6.5.15m yes 4534
IRIX 6.5.15f yes 4535
IRIX 6.5.16 no
Remarks
=======
It appears that to patch against these bugs on Irix 6.5.x, x < 12, you must
upgrade to Irix 6.5.y, y > 11 first.
Patches 4534 and 4535 can be obtained from
http://www.sfu.ca/acs/security/irix/irix-patches.html