search menu icon-carat-right cmu-wordmark

CERT Coordination Center

SGI IRIX name services daemon (nsd) and modules mishandle AUTH_UNIX gid list

Vulnerability Note VU#682900

Original Release Date: 2003-07-30 | Last Revised: 2003-07-30

Overview

A remotely exploitable vulnerability has been discoved in the "nsd" service for SGI IRIX systems. A remote attacker may be able to gain root access to the vulnerable system.

Description

A remotely exploitable heap overflow vulnerability has been discovered in a function for the RPC AUTH_UNIX method of "nsd" service of SGI IRIX 6.5.x systems and potentially earlier versions. A remote attacker may send a specially crafted RPC AUTH_UNIX udp packet to the nsd service. During a copy routine, the user input is not properly validated, and may overwrite memory after the allocated buffer. Details of this vulnerability are outlined in the Last Stage of Delirium advisory. SGI does not support versions prior to 6.5.x and recommend upgrading to 6.5.22 when available to resolve this issue.

According to the SGI Advisory:

It's been reported that the IRIX name services daemon "nsd" can be exploited
in various ways through the AUTH_UNIX gid list. This could result in an
attacker gaining root access.

SGI has investigated the issue and recommends the following steps for
neutralizing the exposure. It is HIGHLY RECOMMENDED that these measures be
implemented on ALL vulnerable SGI systems.

These issues have been corrected in future releases of IRIX.

Impact

A remote attacker may be able to gain root access to the vulnerable system.

Solution

Install a patch for your version if available, or upgrade to IRIX 6.5.22 when available.

Vendor Information

682900
 

SGI Affected

Updated:  July 30, 2003

Status

Affected

Vendor Statement

-----BEGIN PGP SIGNED MESSAGE-----

______________________________________________________________________________
SGI Security Advisory


Title     : IRIX nsd server and modules mishandle AUTH_UNIX gid list
Number    : 20030704-01-P
Date      : July 29, 2003
Reference : CVE CAN-2003-0575
Reference : SGI BUG 873591
Fixed in  : IRIX 6.5.22 or patches 5189-5197

______________________________________________________________________________

SGI provides this information freely to the SGI user community for its
consideration, interpretation, implementation and use.  SGI recommends that
this information be acted upon as soon as possible.

SGI provides the information in this Security Advisory on an "AS-IS" basis
only, and disclaims all warranties with respect thereto, express, implied
or otherwise, including, without limitation, any warranty of merchantability
or fitness for a particular purpose.  In no event shall SGI be liable for
any loss of profits, loss of business, loss of data or for any indirect,
special, exemplary, incidental or consequential damages of any kind arising
from your use of, failure to use or improper use of any of the instructions
or information in this Security Advisory.
______________________________________________________________________________

- -----------------------
- --- Issue Specifics ---
- -----------------------

It's been reported that the IRIX name services daemon "nsd" can be exploited
in various ways through the AUTH_UNIX gid list.  This could result in an
attacker gaining root access.

SGI has investigated the issue and recommends the following steps for
neutralizing the exposure.  It is HIGHLY RECOMMENDED that these measures be
implemented on ALL vulnerable SGI systems.

These issues have been corrected in future releases of IRIX.


- --------------
- --- Impact ---
- --------------

The /usr/etc/nsd binary is installed by default on IRIX 6.5 systems as part
of eoe.sw.base.

To determine the version of IRIX you are running, execute the following
command:

# /bin/uname -R

That will return a result similar to the following:

# 6.5 6.5.19f

The first number ("6.5") is the release name, the second ("6.5.19f" in this
case) is the extended release name.  The extended release name is the
"version" we refer to throughout this document.


- ----------------------------
- --- Temporary Workaround ---
- ----------------------------

There is no practical workaround available for these problems.  SGI
recommends either upgrading to IRIX 6.5.22 when available, or installing the
appropriate patch from the listing below.


- ----------------
- --- Solution ---
- ----------------

SGI has provided a series of patches for these vulnerabilities. Our
recommendation is to upgrade to IRIX 6.5.22 when available, or install the
appropriate patch.

OS Version     Vulnerable?     Patch #      Other Actions
----------     -----------     -------      -------------
IRIX 3.x        unknown                     Note 1
IRIX 4.x        unknown                     Note 1
IRIX 5.x        unknown                     Note 1
IRIX 6.0.x      unknown                     Note 1
IRIX 6.1        unknown                     Note 1
IRIX 6.2        unknown                     Note 1
IRIX 6.3        unknown                     Note 1
IRIX 6.4        unknown                     Note 1
IRIX 6.5          yes                       Notes 2 & 3
IRIX 6.5.1        yes                       Notes 2 & 3
IRIX 6.5.2        yes                       Notes 2 & 3
IRIX 6.5.3        yes                       Notes 2 & 3
IRIX 6.5.4        yes                       Notes 2 & 3
IRIX 6.5.5        yes                       Notes 2 & 3
IRIX 6.5.6        yes                       Notes 2 & 3
IRIX 6.5.7        yes                       Notes 2 & 3
IRIX 6.5.8        yes                       Notes 2 & 3
IRIX 6.5.9        yes                       Notes 2 & 3
IRIX 6.5.10       yes                       Notes 2 & 3
IRIX 6.5.11       yes                       Notes 2 & 3
IRIX 6.5.12       yes                       Notes 2 & 3
IRIX 6.5.13       yes                       Notes 2 & 3
IRIX 6.5.14       yes                       Notes 2 & 3
IRIX 6.5.15       yes                       Notes 2 & 3
IRIX 6.5.16       yes                       Notes 2 & 3
IRIX 6.5.17m      yes            5189       Notes 2 & 4
IRIX 6.5.17f      yes            5190       Notes 2 & 4
IRIX 6.5.18m      yes            5191       Notes 2 & 4
IRIX 6.5.18f      yes            5192       Notes 2 & 4
IRIX 6.5.19m      yes            5193       Notes 2 & 4
IRIX 6.5.19f      yes            5194       Notes 2 & 4
IRIX 6.5.20m      yes            5195       Notes 2 & 4
IRIX 6.5.20f      yes            5196       Notes 2 & 4
IRIX 6.5.21m      yes            5197       Notes 2 & 4
IRIX 6.5.21f      yes            5197       Notes 2 & 4



NOTES:

1) This version of the IRIX operating has been retired. Upgrade to an
actively supported IRIX operating system.  See
http://support.sgi.com for more information.

2) If you have not received an IRIX 6.5.X CD for IRIX 6.5, contact your
SGI Support Provider or URL:
http://support.sgi.com

3) Upgrade to IRIX 6.5.22 when available.

4) Install the patch or upgrade to IRIX 6.5.22 when available.


- ------------------------
- --- Acknowledgments ----
- ------------------------

SGI wishes to thank lsd-pl.net for their assistance in this matter.


##### Patch File Checksums ####

The actual patch will be a tar file containing the following files:
Filename:                 README.patch.5189
Algorithm #1 (sum -r):    10159 11 README.patch.5189
Algorithm #2 (sum):       27589 11 README.patch.5189
MD5 checksum:             3F63B9BBF6B2909D3BAEC682F0E2C84F

Filename:                 patchSG0005189
Algorithm #1 (sum -r):    26813 12 patchSG0005189
Algorithm #2 (sum):       61008 12 patchSG0005189
MD5 checksum:             0388F4E45B333419054FBDCB0830B2A9

Filename:                 patchSG0005189.dev_sw
Algorithm #1 (sum -r):    64914 2866 patchSG0005189.dev_sw
Algorithm #2 (sum):       49865 2866 patchSG0005189.dev_sw
MD5 checksum:             7565712B2F570D570742360CEC075E6E

Filename:                 patchSG0005189.eoe_man
Algorithm #1 (sum -r):    50132 22 patchSG0005189.eoe_man
Algorithm #2 (sum):       58583 22 patchSG0005189.eoe_man
MD5 checksum:             10ED274CED785FFBB334B2D0F0E4CF98

Filename:                 patchSG0005189.eoe_sw
Algorithm #1 (sum -r):    17616 14758 patchSG0005189.eoe_sw
Algorithm #2 (sum):       19495 14758 patchSG0005189.eoe_sw
MD5 checksum:             85FF8F0C89ED00864D4F6AE6728C0F55

Filename:                 patchSG0005189.eoe_sw64
Algorithm #1 (sum -r):    28098 5508 patchSG0005189.eoe_sw64
Algorithm #2 (sum):       45071 5508 patchSG0005189.eoe_sw64
MD5 checksum:             45CCA311F2DB7DA47D36EF76D13A61D1

Filename:                 patchSG0005189.idb
Algorithm #1 (sum -r):    65460 11 patchSG0005189.idb
Algorithm #2 (sum):       37719 11 patchSG0005189.idb
MD5 checksum:             BF408135EE9CA404743F02D98239C071

Filename:                 patchSG0005189.irix_dev_sw
Algorithm #1 (sum -r):    52170 13 patchSG0005189.irix_dev_sw
Algorithm #2 (sum):       5809 13 patchSG0005189.irix_dev_sw
MD5 checksum:             BFD2074EF383E3D2D5B570DC953D6CE7

Filename:                 patchSG0005189.nfs_sw
Algorithm #1 (sum -r):    28459 305 patchSG0005189.nfs_sw
Algorithm #2 (sum):       63248 305 patchSG0005189.nfs_sw
MD5 checksum:             95FF9B4686F19BD28CA430A957F29E4B

Filename:                 README.patch.5190
Algorithm #1 (sum -r):    37045 11 README.patch.5190
Algorithm #2 (sum):       20865 11 README.patch.5190
MD5 checksum:             6F798BD7D46AE8C9991387EE05ABCD11

Filename:                 patchSG0005190
Algorithm #1 (sum -r):    31348 11 patchSG0005190
Algorithm #2 (sum):       47310 11 patchSG0005190
MD5 checksum:             8DFE64ED07CAD15AF232EF1AA099474E

Filename:                 patchSG0005190.dev_sw
Algorithm #1 (sum -r):    00993 2915 patchSG0005190.dev_sw
Algorithm #2 (sum):       20030 2915 patchSG0005190.dev_sw
MD5 checksum:             94C2BC7A431BBFF2D58A2B3F964659C8

Filename:                 patchSG0005190.eoe_man
Algorithm #1 (sum -r):    50132 22 patchSG0005190.eoe_man
Algorithm #2 (sum):       58583 22 patchSG0005190.eoe_man
MD5 checksum:             10ED274CED785FFBB334B2D0F0E4CF98

Filename:                 patchSG0005190.eoe_sw
Algorithm #1 (sum -r):    19609 14952 patchSG0005190.eoe_sw
Algorithm #2 (sum):       38104 14952 patchSG0005190.eoe_sw
MD5 checksum:             221B70ACC610670A47417EED3B3A6A51

Filename:                 patchSG0005190.eoe_sw64
Algorithm #1 (sum -r):    37048 5575 patchSG0005190.eoe_sw64
Algorithm #2 (sum):       20022 5575 patchSG0005190.eoe_sw64
MD5 checksum:             6C020AE51FDD453E7BA5E4EB36E81B10

Filename:                 patchSG0005190.idb
Algorithm #1 (sum -r):    39117 11 patchSG0005190.idb
Algorithm #2 (sum):       37467 11 patchSG0005190.idb
MD5 checksum:             F9EF65E23CECD9BF5A02E798DECF0D1E

Filename:                 patchSG0005190.irix_dev_sw
Algorithm #1 (sum -r):    52170 13 patchSG0005190.irix_dev_sw
Algorithm #2 (sum):       5809 13 patchSG0005190.irix_dev_sw
MD5 checksum:             BFD2074EF383E3D2D5B570DC953D6CE7

Filename:                 patchSG0005190.nfs_sw
Algorithm #1 (sum -r):    53177 305 patchSG0005190.nfs_sw
Algorithm #2 (sum):       36788 305 patchSG0005190.nfs_sw
MD5 checksum:             9963BF353F105A16A8056B7DCF8BC71F

Filename:                 README.patch.5191
Algorithm #1 (sum -r):    44493 10 README.patch.5191
Algorithm #2 (sum):       33518 10 README.patch.5191
MD5 checksum:             1E7DD9734E470255A0317FE1F177F029

Filename:                 patchSG0005191
Algorithm #1 (sum -r):    58413 9 patchSG0005191
Algorithm #2 (sum):       17263 9 patchSG0005191
MD5 checksum:             48BA52D30DDA800BEDAA6797E9F501D3

Filename:                 patchSG0005191.dev_sw
Algorithm #1 (sum -r):    47918 2895 patchSG0005191.dev_sw
Algorithm #2 (sum):       38459 2895 patchSG0005191.dev_sw
MD5 checksum:             757ED549AE4E4E67371C52940BD668F3

Filename:                 patchSG0005191.eoe_man
Algorithm #1 (sum -r):    10457 22 patchSG0005191.eoe_man
Algorithm #2 (sum):       12877 22 patchSG0005191.eoe_man
MD5 checksum:             F724C951BAB9375863EE5927230BE2A6

Filename:                 patchSG0005191.eoe_sw
Algorithm #1 (sum -r):    58912 15208 patchSG0005191.eoe_sw
Algorithm #2 (sum):       23893 15208 patchSG0005191.eoe_sw
MD5 checksum:             A7E87F8FAED5B14D9EE77BF244C4BD1E

Filename:                 patchSG0005191.eoe_sw64
Algorithm #1 (sum -r):    37332 5772 patchSG0005191.eoe_sw64
Algorithm #2 (sum):       58155 5772 patchSG0005191.eoe_sw64
MD5 checksum:             F9E0BB01873805B89A93626BAFA7032C

Filename:                 patchSG0005191.idb
Algorithm #1 (sum -r):    56753 8 patchSG0005191.idb
Algorithm #2 (sum):       52581 8 patchSG0005191.idb
MD5 checksum:             EF8A1A8C60A55A9458DB5B6570072E9E

Filename:                 patchSG0005191.irix_dev_sw
Algorithm #1 (sum -r):    52170 13 patchSG0005191.irix_dev_sw
Algorithm #2 (sum):       5809 13 patchSG0005191.irix_dev_sw
MD5 checksum:             BFD2074EF383E3D2D5B570DC953D6CE7

Filename:                 patchSG0005191.nfs_sw
Algorithm #1 (sum -r):    08578 191 patchSG0005191.nfs_sw
Algorithm #2 (sum):       42979 191 patchSG0005191.nfs_sw
MD5 checksum:             353304ACB0E469ABC2366A2AE4B02A92

Filename:                 README.patch.5192
Algorithm #1 (sum -r):    56928 10 README.patch.5192
Algorithm #2 (sum):       33597 10 README.patch.5192
MD5 checksum:             4222566EECA54D82E5C7DD524C73F0D5

Filename:                 patchSG0005192
Algorithm #1 (sum -r):    16338 10 patchSG0005192
Algorithm #2 (sum):       7867 10 patchSG0005192
MD5 checksum:             9BB92A712A749D92310FDB27D6213C2C

Filename:                 patchSG0005192.dev_sw
Algorithm #1 (sum -r):    00797 2954 patchSG0005192.dev_sw
Algorithm #2 (sum):       26374 2954 patchSG0005192.dev_sw
MD5 checksum:             A712851C76471540007A2372637F1AE5

Filename:                 patchSG0005192.eoe_man
Algorithm #1 (sum -r):    10457 22 patchSG0005192.eoe_man
Algorithm #2 (sum):       12877 22 patchSG0005192.eoe_man
MD5 checksum:             F724C951BAB9375863EE5927230BE2A6

Filename:                 patchSG0005192.eoe_sw
Algorithm #1 (sum -r):    19001 15432 patchSG0005192.eoe_sw
Algorithm #2 (sum):       34293 15432 patchSG0005192.eoe_sw
MD5 checksum:             BC8AF2735CF1F2071FA9DC4BB6D33BAB

Filename:                 patchSG0005192.eoe_sw64
Algorithm #1 (sum -r):    20276 5848 patchSG0005192.eoe_sw64
Algorithm #2 (sum):       57563 5848 patchSG0005192.eoe_sw64
MD5 checksum:             7C95292E49974B002B73E128B8DB6F40

Filename:                 patchSG0005192.idb
Algorithm #1 (sum -r):    11998 8 patchSG0005192.idb
Algorithm #2 (sum):       53351 8 patchSG0005192.idb
MD5 checksum:             17BDE9A7DA8E56A52DCE506341A66D7C

Filename:                 patchSG0005192.irix_dev_sw
Algorithm #1 (sum -r):    52170 13 patchSG0005192.irix_dev_sw
Algorithm #2 (sum):       5809 13 patchSG0005192.irix_dev_sw
MD5 checksum:             BFD2074EF383E3D2D5B570DC953D6CE7

Filename:                 patchSG0005192.nfs_sw
Algorithm #1 (sum -r):    48792 191 patchSG0005192.nfs_sw
Algorithm #2 (sum):       12907 191 patchSG0005192.nfs_sw
MD5 checksum:             6955C79C266D90FF264A57B244D4C814

Filename:                 README.patch.5193
Algorithm #1 (sum -r):    46648 10 README.patch.5193
Algorithm #2 (sum):       46269 10 README.patch.5193
MD5 checksum:             E5EEFDC8DF3ED7415B2807764B5A51F5

Filename:                 patchSG0005193
Algorithm #1 (sum -r):    18001 11 patchSG0005193
Algorithm #2 (sum):       32840 11 patchSG0005193
MD5 checksum:             7C02A14A9CB4F0DA5E96D6E4B224A2EA

Filename:                 patchSG0005193.dev_man
Algorithm #1 (sum -r):    28629 12 patchSG0005193.dev_man
Algorithm #2 (sum):       65088 12 patchSG0005193.dev_man
MD5 checksum:             76770F3C5AB120AF55F739DA42C99A40

Filename:                 patchSG0005193.dev_sw
Algorithm #1 (sum -r):    18837 2909 patchSG0005193.dev_sw
Algorithm #2 (sum):       61870 2909 patchSG0005193.dev_sw
MD5 checksum:             595A5C1C853FDBE68648CD307A227586

Filename:                 patchSG0005193.eoe_man
Algorithm #1 (sum -r):    10457 22 patchSG0005193.eoe_man
Algorithm #2 (sum):       12877 22 patchSG0005193.eoe_man
MD5 checksum:             F724C951BAB9375863EE5927230BE2A6

Filename:                 patchSG0005193.eoe_sw
Algorithm #1 (sum -r):    62454 15489 patchSG0005193.eoe_sw
Algorithm #2 (sum):       32449 15489 patchSG0005193.eoe_sw
MD5 checksum:             6CF12946EBF53F3C45FDDA08F8C76071


Filename:                 patchSG0005193.eoe_sw64
Algorithm #1 (sum -r):    24295 5821 patchSG0005193.eoe_sw64
Algorithm #2 (sum):       58234 5821 patchSG0005193.eoe_sw64
MD5 checksum:             8D9905C1674BCE79697B8879C981645E

Filename:                 patchSG0005193.idb
Algorithm #1 (sum -r):    61329 11 patchSG0005193.idb
Algorithm #2 (sum):       60693 11 patchSG0005193.idb
MD5 checksum:             3982AF12D0DA7A14FE37DBEC9E801CEB

Filename:                 patchSG0005193.irix_dev_sw
Algorithm #1 (sum -r):    29446 15 patchSG0005193.irix_dev_sw
Algorithm #2 (sum):       30495 15 patchSG0005193.irix_dev_sw
MD5 checksum:             0A0118E17B525C4D059CD36C2BAB5590

Filename:                 patchSG0005193.nfs_sw
Algorithm #1 (sum -r):    48750 306 patchSG0005193.nfs_sw
Algorithm #2 (sum):       31501 306 patchSG0005193.nfs_sw
MD5 checksum:             4DF1F879D1EC091BE3FB94C4D80985D1

Filename:                 README.patch.5194
Algorithm #1 (sum -r):    18094 10 README.patch.5194
Algorithm #2 (sum):       49892 10 README.patch.5194
MD5 checksum:             AE6EFB88EDF108155FFAD631D1223459

Filename:                 patchSG0005194
Algorithm #1 (sum -r):    12609 12 patchSG0005194
Algorithm #2 (sum):       424 12 patchSG0005194
MD5 checksum:             D151149958AEB786A26316007EBA3D9E

Filename:                 patchSG0005194.dev_man
Algorithm #1 (sum -r):    28629 12 patchSG0005194.dev_man
Algorithm #2 (sum):       65088 12 patchSG0005194.dev_man
MD5 checksum:             76770F3C5AB120AF55F739DA42C99A40

Filename:                 patchSG0005194.dev_sw
Algorithm #1 (sum -r):    15419 2966 patchSG0005194.dev_sw
Algorithm #2 (sum):       58302 2966 patchSG0005194.dev_sw
MD5 checksum:             18A94E9D2ABA9D54B301839D7E941F71

Filename:                 patchSG0005194.eoe_man
Algorithm #1 (sum -r):    10457 22 patchSG0005194.eoe_man
Algorithm #2 (sum):       12877 22 patchSG0005194.eoe_man
MD5 checksum:             F724C951BAB9375863EE5927230BE2A6

Filename:                 patchSG0005194.eoe_sw
Algorithm #1 (sum -r):    58918 15645 patchSG0005194.eoe_sw
Algorithm #2 (sum):       18869 15645 patchSG0005194.eoe_sw
MD5 checksum:             00ECAE460EDC3F76FB6A91826B915132

Filename:                 patchSG0005194.eoe_sw64
Algorithm #1 (sum -r):    51671 5934 patchSG0005194.eoe_sw64
Algorithm #2 (sum):       11268 5934 patchSG0005194.eoe_sw64
MD5 checksum:             125C54A6D1509A9E982C88AA089DE58A

Filename:                 patchSG0005194.idb
Algorithm #1 (sum -r):    11835 12 patchSG0005194.idb
Algorithm #2 (sum):       6113 12 patchSG0005194.idb
MD5 checksum:             D7C06A9A49D35B521FD13FCCE14CBB6A

Filename:                 patchSG0005194.irix_dev_sw
Algorithm #1 (sum -r):    42515 20 patchSG0005194.irix_dev_sw
Algorithm #2 (sum):       61566 20 patchSG0005194.irix_dev_sw
MD5 checksum:             20307991B48867256113BBA4E5A36109

Filename:                 patchSG0005194.nfs_sw
Algorithm #1 (sum -r):    58592 307 patchSG0005194.nfs_sw
Algorithm #2 (sum):       53662 307 patchSG0005194.nfs_sw
MD5 checksum:             F53D5CE3FCE94F270728271F3BB6DFA5

Filename:                 README.patch.5195
Algorithm #1 (sum -r):    53740 9 README.patch.5195
Algorithm #2 (sum):       2479 9 README.patch.5195
MD5 checksum:             7D659CDA188F1EDCC90F0D98741AF57F

Filename:                 patchSG0005195
Algorithm #1 (sum -r):    15487 8 patchSG0005195
Algorithm #2 (sum):       47255 8 patchSG0005195
MD5 checksum:             2C7F0183007573F4FBD64BE39B45924C

Filename:                 patchSG0005195.dev_man
Algorithm #1 (sum -r):    28629 12 patchSG0005195.dev_man
Algorithm #2 (sum):       65088 12 patchSG0005195.dev_man
MD5 checksum:             76770F3C5AB120AF55F739DA42C99A40

Filename:                 patchSG0005195.dev_sw
Algorithm #1 (sum -r):    22946 2270 patchSG0005195.dev_sw
Algorithm #2 (sum):       48297 2270 patchSG0005195.dev_sw
MD5 checksum:             7132A545C45C38F8FBB387CF165D5509

Filename:                 patchSG0005195.eoe_man
Algorithm #1 (sum -r):    10457 22 patchSG0005195.eoe_man
Algorithm #2 (sum):       12877 22 patchSG0005195.eoe_man
MD5 checksum:             F724C951BAB9375863EE5927230BE2A6

Filename:                 patchSG0005195.eoe_sw
Algorithm #1 (sum -r):    34125 14237 patchSG0005195.eoe_sw
Algorithm #2 (sum):       34152 14237 patchSG0005195.eoe_sw
MD5 checksum:             68C5F343DB6F9CB77C9551C6C0EADBC9

Filename:                 patchSG0005195.eoe_sw64
Algorithm #1 (sum -r):    58484 5981 patchSG0005195.eoe_sw64
Algorithm #2 (sum):       24268 5981 patchSG0005195.eoe_sw64
MD5 checksum:             7A15570F574A2C8852A73FB240D388CC

Filename:                 patchSG0005195.idb
Algorithm #1 (sum -r):    52657 7 patchSG0005195.idb
Algorithm #2 (sum):       57861 7 patchSG0005195.idb
MD5 checksum:             E2408A3AE0B9B06605E8EB20448D1856

Filename:                 patchSG0005195.irix_dev_sw
Algorithm #1 (sum -r):    17463 14 patchSG0005195.irix_dev_sw
Algorithm #2 (sum):       9159 14 patchSG0005195.irix_dev_sw
MD5 checksum:             8A43E189CBC080C59C8E4CBC39E53B5F

Filename:                 patchSG0005195.nfs_sw
Algorithm #1 (sum -r):    42234 192 patchSG0005195.nfs_sw
Algorithm #2 (sum):       61070 192 patchSG0005195.nfs_sw
MD5 checksum:             B2404F1C9E87B29AFDA3F9F8C9CB7E76

Filename:                 README.patch.5196
Algorithm #1 (sum -r):    03828 9 README.patch.5196
Algorithm #2 (sum):       13617 9 README.patch.5196
MD5 checksum:             4C33F99312773DBA5CBD4580E900BFB9

Filename:                 patchSG0005196
Algorithm #1 (sum -r):    49364 9 patchSG0005196
Algorithm #2 (sum):       26233 9 patchSG0005196
MD5 checksum:             1F25A6AB083320F418987B91E1F6E246

Filename:                 patchSG0005196.dev_man
Algorithm #1 (sum -r):    28629 12 patchSG0005196.dev_man
Algorithm #2 (sum):       65088 12 patchSG0005196.dev_man
MD5 checksum:             76770F3C5AB120AF55F739DA42C99A40

Filename:                 patchSG0005196.dev_sw
Algorithm #1 (sum -r):    41278 1243 patchSG0005196.dev_sw
Algorithm #2 (sum):       7957 1243 patchSG0005196.dev_sw
MD5 checksum:             230BBC90032988DBB9F7DC013E09A5FF

Filename:                 patchSG0005196.eoe_man
Algorithm #1 (sum -r):    10457 22 patchSG0005196.eoe_man
Algorithm #2 (sum):       12877 22 patchSG0005196.eoe_man
MD5 checksum:             F724C951BAB9375863EE5927230BE2A6

Filename:                 patchSG0005196.eoe_sw
Algorithm #1 (sum -r):    44227 14328 patchSG0005196.eoe_sw
Algorithm #2 (sum):       9582 14328 patchSG0005196.eoe_sw
MD5 checksum:             9F6BA09C7C15B164A7C18E754C0560BA

Filename:                 patchSG0005196.eoe_sw64
Algorithm #1 (sum -r):    14959 6010 patchSG0005196.eoe_sw64
Algorithm #2 (sum):       1503 6010 patchSG0005196.eoe_sw64
MD5 checksum:             09B6A878F5120EBECA4EC917D56608A4

Filename:                 patchSG0005196.idb
Algorithm #1 (sum -r):    51152 7 patchSG0005196.idb
Algorithm #2 (sum):       56906 7 patchSG0005196.idb
MD5 checksum:             5C48BF388B1D80D0DB97F56B8976DD2C

Filename:                 patchSG0005196.irix_dev_sw
Algorithm #1 (sum -r):    64228 19 patchSG0005196.irix_dev_sw
Algorithm #2 (sum):       40230 19 patchSG0005196.irix_dev_sw
MD5 checksum:             7D9ACBBA7A89043F1EFFC6D9781B3CB3

Filename:                 patchSG0005196.nfs_sw
Algorithm #1 (sum -r):    07219 192 patchSG0005196.nfs_sw
Algorithm #2 (sum):       42988 192 patchSG0005196.nfs_sw
MD5 checksum:             3C1716878E076E4257C6416C7D358086

Filename:                 README.patch.5197
Algorithm #1 (sum -r):    05441 8 README.patch.5197
Algorithm #2 (sum):       24264 8 README.patch.5197
MD5 checksum:             674D446C38AD05D01F04710E2617D669

Filename:                 patchSG0005197
Algorithm #1 (sum -r):    19120 2 patchSG0005197
Algorithm #2 (sum):       63398 2 patchSG0005197
MD5 checksum:             D38922CC2814154A7C202A98AF547ABB

Filename:                 patchSG0005197.eoe_sw
Algorithm #1 (sum -r):    17115 234 patchSG0005197.eoe_sw
Algorithm #2 (sum):       35213 234 patchSG0005197.eoe_sw
MD5 checksum:             C56A15C7D300F152D41075483E12EDE5

Filename:                 patchSG0005197.idb
Algorithm #1 (sum -r):    63456 2 patchSG0005197.idb
Algorithm #2 (sum):       60951 2 patchSG0005197.idb
MD5 checksum:             B3BEBEC7C0DF2221774A061664E04B08

Filename:                 patchSG0005197.nfs_sw
Algorithm #1 (sum -r):    26511 192 patchSG0005197.nfs_sw
Algorithm #2 (sum):       27157 192 patchSG0005197.nfs_sw
MD5 checksum:             CB05E116F4F22E5E80C741C393B530EB


- -------------
- --- Links ---
- -------------

SGI Security Advisories can be found at:
http://www.sgi.com/support/security/ and
ftp://patches.sgi.com/support/free/security/advisories/

SGI Security Patches can be found at:
http://www.sgi.com/support/security/ and
ftp://patches.sgi.com/support/free/security/patches/

SGI patches for IRIX can be found at the following patch servers:
http://support.sgi.com/ and ftp://patches.sgi.com/

SGI freeware updates for IRIX can be found at:
http://freeware.sgi.com/

SGI patches and RPMs for Linux can be found at:
http://support.sgi.com

SGI patches for Windows NT or 2000 can be found at:
http://support.sgi.com/

IRIX 5.2-6.4 Recommended/Required Patch Sets can be found at:
http://support.sgi.com/ and ftp://patches.sgi.com/support/patchset/

IRIX 6.5 Maintenance Release Streams can be found at:
http://support.sgi.com/

IRIX 6.5 Software Update CDs can be obtained from:
http://support.sgi.com/

The primary SGI anonymous FTP site for security advisories and patches is
patches.sgi.com.  Security advisories and patches are located under the URL
ftp://patches.sgi.com/support/free/security/

For security and patch management reasons, ftp.sgi.com (mirrors
patches.sgi.com security FTP repository) lags behind and does not do a
real-time update.


- -----------------------------------------
- --- SGI Security Information/Contacts ---
- -----------------------------------------

If there are questions about this document, email can be sent to
security-info@sgi.com.

------oOo------

SGI provides security information and patches for use by the entire SGI
community.  This information is freely available to any person needing the
information and is available via anonymous FTP and the Web.

The primary SGI anonymous FTP site for security advisories and patches is
patches.sgi.com.  Security advisories and patches are located under the URL
ftp://patches.sgi.com/support/free/security/

The SGI Security Headquarters Web page is accessible at the URL:
http://www.sgi.com/support/security/

For issues with the patches on the FTP sites, email can be sent to
security-info@sgi.com.

For assistance obtaining or working with security patches, please
contact your SGI support provider.

------oOo------

SGI provides a free security mailing list service called wiretap and
encourages interested parties to self-subscribe to receive (via email) all
SGI Security Advisories when they are released. Subscribing to the mailing
list can be done via the Web
(
http://www.sgi.com/support/security/wiretap.html) or by sending email to
SGI as outlined below.

% mail wiretap-request@sgi.com
subscribe wiretap <YourEmailAddress such as midwatch@sgi.com >
end
^d

In the example above, <YourEmailAddress> is the email address that you wish
the mailing list information sent to.  The word end must be on a separate
line to indicate the end of the body of the message. The control-d (^d) is
used to indicate to the mail program that you are finished composing the
mail message.


------oOo------

SGI provides a comprehensive customer World Wide Web site. This site is
located at
http://www.sgi.com/support/security/ .

------oOo------

If there are general security questions on SGI systems, email can be sent to
security-info@sgi.com.

For reporting *NEW* SGI security issues, email can be sent to
security-alert@sgi.com or contact your SGI support provider.  A support
contract is not required for submitting a security report.

______________________________________________________________________________
This information is provided freely to all interested parties
and may be redistributed provided that it is not altered in any
way, SGI is appropriately credited and the document retains and
includes its valid PGP signature.


-----BEGIN PGP SIGNATURE-----
Version: 2.6.2

iQCVAwUBPybn/LQ4cFApAP75AQHZBgP/WG75VEP0yMIRRLH2LW8lDIAXc59ugS7H
uz52BbxnvckNo3lX6ObhHjfLZ8EYGdN2srClHXdJyGTKTzhJvrQaeqP+DgyRz6t4
eceRBAOzaQYYfgk1c4IHCcjUwUCpkZDO0YhP0YaWD1tUXTdff4ordP2lSr07Q687
vN0Cd11SasA=
=rnDN
-----END PGP SIGNATURE-----

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Addendum

The CERT/CC has no additional comments at this time.

If you have feedback, comments, or additional information about this vulnerability, please send us email.


CVSS Metrics

Group Score Vector
Base
Temporal
Environmental

References

Acknowledgements

Thanks to SGI Security and Last Stage of Delirium for reporting this vulnerability.

This document was written by Jason A Rafail.

Other Information

CVE IDs: CVE-2003-0575
Severity Metric: 14.63
Date Public: 2003-07-29
Date First Published: 2003-07-30
Date Last Updated: 2003-07-30 19:15 UTC
Document Revision: 6

Sponsored by CISA.