Notified: October 07, 2002 Updated: November 18, 2002
Affected
Affected systems: Mac OS X 10.0 to 10.2.1 & Mac OS X Server 10.0 to 10.2.1 This is fixed in Mac OS X 10.2.2 and Mac OS X Server 10.2.2.
The vendor has not provided us with any further information regarding this vulnerability.
The CERT/CC has no additional comments at this time.
Notified: October 07, 2002 Updated: October 08, 2002
Unknown
No statement is currently available from the vendor regarding this vulnerability.
The vendor has not provided us with any further information regarding this vulnerability.
The CERT/CC has no additional comments at this time.
Notified: October 07, 2002 Updated: October 07, 2002
Unknown
No statement is currently available from the vendor regarding this vulnerability.
The vendor has not provided us with any further information regarding this vulnerability.
The CERT/CC has no additional comments at this time.
Notified: October 07, 2002 Updated: October 30, 2002
Unknown
Cray, Inc. may be vulnerable and has opened sprs 723750 and 723751 to track this issue.
The vendor has not provided us with any further information regarding this vulnerability.
The CERT/CC has no additional comments at this time.
Notified: October 07, 2002 Updated: October 07, 2002
Unknown
No statement is currently available from the vendor regarding this vulnerability.
The vendor has not provided us with any further information regarding this vulnerability.
The CERT/CC has no additional comments at this time.
Notified: October 07, 2002 Updated: October 14, 2002
Unknown
No statement is currently available from the vendor regarding this vulnerability.
The vendor has not provided us with any further information regarding this vulnerability.
The CERT/CC has no additional comments at this time.
Notified: October 07, 2002 Updated: October 08, 2002
Unknown
No statement is currently available from the vendor regarding this vulnerability.
The vendor has not provided us with any further information regarding this vulnerability.
The CERT/CC has no additional comments at this time.
Notified: October 07, 2002 Updated: October 08, 2002
Unknown
No statement is currently available from the vendor regarding this vulnerability.
The vendor has not provided us with any further information regarding this vulnerability.
The CERT/CC has no additional comments at this time.
Notified: October 07, 2002 Updated: October 08, 2002
Unknown
No statement is currently available from the vendor regarding this vulnerability.
The vendor has not provided us with any further information regarding this vulnerability.
The CERT/CC has no additional comments at this time.
Updated: November 04, 2002
Affected
glibc 2.3.1 and previous releases are vulnerable. No fix is available yet.
The vendor has not provided us with any further information regarding this vulnerability.
The CERT/CC has no additional comments at this time.
Notified: October 07, 2002 Updated: October 14, 2002
Unknown
No statement is currently available from the vendor regarding this vulnerability.
The vendor has not provided us with any further information regarding this vulnerability.
The CERT/CC has no additional comments at this time.
Notified: October 07, 2002 Updated: January 15, 2003
Affected
The AIX operating system is vulnerable to the SUN RPC libc DOS attack, as mentioned above, in releases 4.3.3, 5.1.0 and 5.2.0. The following APARs will be available for this fix: APAR number for AIX 4.3.3: IY36463 (available approx. 11/27/2002) APAR number for AIX 5.1.0: IY36507 (available approx. 4/28/2003) APAR number for AIX 5.2.0: IY36854 (available approx. 4/28/2003) The APARs can be downloaded using the link below and then following the links for your release level. http://techsupport.services.ibm.com/rs6k/fixes.html An efix is available for this issue and is available from the following URL: ftp://ftp.software.ibm.com/aix/efixes/security/rpc_efix.tar.Z
The vendor has not provided us with any further information regarding this vulnerability.
The CERT/CC has no additional comments at this time.
Notified: October 07, 2002 Updated: October 08, 2002
Unknown
No statement is currently available from the vendor regarding this vulnerability.
The vendor has not provided us with any further information regarding this vulnerability.
The CERT/CC has no additional comments at this time.
Notified: October 07, 2002 Updated: October 07, 2002
Unknown
No statement is currently available from the vendor regarding this vulnerability.
The vendor has not provided us with any further information regarding this vulnerability.
The CERT/CC has no additional comments at this time.
Notified: October 07, 2002 Updated: October 07, 2002
Unknown
No statement is currently available from the vendor regarding this vulnerability.
The vendor has not provided us with any further information regarding this vulnerability.
The CERT/CC has no additional comments at this time.
Notified: October 07, 2002 Updated: October 14, 2002
Unknown
No statement is currently available from the vendor regarding this vulnerability.
The vendor has not provided us with any further information regarding this vulnerability.
The CERT/CC has no additional comments at this time.
Notified: October 07, 2002 Updated: October 07, 2002
Unknown
No statement is currently available from the vendor regarding this vulnerability.
The vendor has not provided us with any further information regarding this vulnerability.
The CERT/CC has no additional comments at this time.
Notified: October 07, 2002 Updated: October 08, 2002
Unknown
No statement is currently available from the vendor regarding this vulnerability.
The vendor has not provided us with any further information regarding this vulnerability.
The CERT/CC has no additional comments at this time.
Notified: October 07, 2002 Updated: October 08, 2002
Unknown
No statement is currently available from the vendor regarding this vulnerability.
The vendor has not provided us with any further information regarding this vulnerability.
The CERT/CC has no additional comments at this time.
Notified: October 07, 2002 Updated: October 07, 2002
Unknown
No statement is currently available from the vendor regarding this vulnerability.
The vendor has not provided us with any further information regarding this vulnerability.
The CERT/CC has no additional comments at this time.
Updated: November 08, 2002
Affected
-----BEGIN PGP SIGNED MESSAGE----- SGI Security Advisory Title : Potential Denial of Service Vulnerability in RPC-based libc
Number : 20021103-01-P
Date : November 7, 2002
Reference: CERT VU#266817
Reference: CVE CAN-2002-1265
Reference: SGI BUGS 852333 and 871325
Fixed in : IRIX 6.5.18
Fixed in : SGI PATCHES 4838, 4839, 4842, 4843, 4840, 4845, 4841, and 4846 - --- Issue Specifics --- It's been reported that SGI IRIX's Sun RPC-based libc implementation fails
to provide an adequate time-out mechanism when reading data from TCP
connections. As a result, a remote attacker can deny service to system
daemons. See http://www.kb.cert.org/vuls/id/266817 for additional details. This vulnerability has been assigned the following CVE: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-1265 SGI has investigated the issue and recommends the following steps for
neutralizing the exposure. It is HIGHLY RECOMMENDED that these measures be
implemented on ALL vulnerable SGI systems. These issues have been corrected with patches and in IRIX 6.5.18. - --- Impact --- The libc library is installed by default on IRIX 6.5 systems as part of
eoe.sw.base. To determine the version of IRIX you are running, execute the following
command: # /bin/uname -R That will return a result similar to the following: # 6.5 6.5.16f The first number ("6.5") is the release name, the second ("6.5.16f" in this
case) is the extended release name. The extended release name is the
"version" we refer to throughout this document. - --- Temporary Workaround --- Apart from not running Sun RPC services, there is no effective workaround
available for this vulnerability. SGI recommends either upgrading to IRIX
6.5.18 or later, or installing the appropriate patch from the listing below. - --- Solution --- SGI has provided a series of patches for these vulnerabilities. Our
recommendation is to upgrade to IRIX 6.5.18 or later, or install the
appropriate patch. OS Version Vulnerable? Patch # Other Actions IRIX 3.x unknown Note 1
IRIX 4.x unknown Note 1
IRIX 5.x unknown Note 1
IRIX 6.0.x unknown Note 1
IRIX 6.1 unknown Note 1
IRIX 6.2 unknown Note 1
IRIX 6.3 unknown Note 1
IRIX 6.4 unknown Note 1
IRIX 6.5 yes Notes 2 & 3
IRIX 6.5.1 yes Notes 2 & 3
IRIX 6.5.2 yes Notes 2 & 3
IRIX 6.5.3 yes Notes 2 & 3
IRIX 6.5.4 yes Notes 2 & 3
IRIX 6.5.5 yes Notes 2 & 3
IRIX 6.5.6 yes Notes 2 & 3
IRIX 6.5.7 yes Notes 2 & 3
IRIX 6.5.8 yes Notes 2 & 3
IRIX 6.5.9 yes Notes 2 & 3
IRIX 6.5.10 yes Notes 2 & 3
IRIX 6.5.11 yes Notes 2 & 3
IRIX 6.5.12 yes Notes 2 & 3
IRIX 6.5.13 yes Notes 2 & 3
IRIX 6.5.14m yes 4838 Notes 2 & 3
IRIX 6.5.14f yes 4839 Notes 2 & 3
IRIX 6.5.15m yes 4842 Notes 2 & 3
IRIX 6.5.15f yes 4843 Notes 2 & 3
IRIX 6.5.16m yes 4840 Notes 2 & 3
IRIX 6.5.16f yes 4845 Notes 2 & 3
IRIX 6.5.17m yes 4841 Notes 2 & 3
IRIX 6.5.17f yes 4846 Notes 2 & 3
IRIX 6.5.18 no NOTES 1) This version of the IRIX operating has been retired. Upgrade to an
actively supported IRIX operating system. See
http://support.sgi.com/irix/news/index.html#policy for more
information. 2) If you have not received an IRIX 6.5.X CD for IRIX 6.5, contact your
SGI Support Provider or URL: http://support.sgi.com/irix/swupdates/
IRIX Maintenance releases can be downloaded from: http://support.sgi.com/colls/patches/tools/relstream/index.html 3) Upgrade to IRIX 6.5.18 or later. ##### Patch File Checksums #### The actual patch will be a tar file containing the following files: Filename: README.patch.4838
Algorithm #1 (sum -r): 19885 9 README.patch.4838
Algorithm #2 (sum): 13097 9 README.patch.4838
MD5 checksum: 7078E8BE364B66AD17884D5945DC4CB9 Filename: patchSG0004838
Algorithm #1 (sum -r): 24098 8 patchSG0004838
Algorithm #2 (sum): 6796 8 patchSG0004838
MD5 checksum: 6F0A4437FA7FEDCB9FBA2F71BF809241 Filename: patchSG0004838.dev_sw
Algorithm #1 (sum -r): 17117 2818 patchSG0004838.dev_sw
Algorithm #2 (sum): 18437 2818 patchSG0004838.dev_sw
MD5 checksum: FED63E719498CA1B3AD8615A9568CC2D Filename: patchSG0004838.eoe_sw
Algorithm #1 (sum -r): 30194 14114 patchSG0004838.eoe_sw
Algorithm #2 (sum): 41513 14114 patchSG0004838.eoe_sw
MD5 checksum: 98573E1526D6C9675ED8108769D4F385 Filename: patchSG0004838.eoe_sw64
Algorithm #1 (sum -r): 43406 5399 patchSG0004838.eoe_sw64
Algorithm #2 (sum): 32065 5399 patchSG0004838.eoe_sw64
MD5 checksum: DA06569D206C45411DEF7E0C5818204E Filename: patchSG0004838.idb
Algorithm #1 (sum -r): 51210 9 patchSG0004838.idb
Algorithm #2 (sum): 24509 9 patchSG0004838.idb
MD5 checksum: 99F8DFD00B6093E6B13D3101522B162A Filename: patchSG0004838.nfs_sw
Algorithm #1 (sum -r): 12748 116 patchSG0004838.nfs_sw
Algorithm #2 (sum): 12251 116 patchSG0004838.nfs_sw
MD5 checksum: D1230952ADBB05C53AF20138EFF3690A Filename: README.patch.4839
Algorithm #1 (sum -r): 14005 9 README.patch.4839
Algorithm #2 (sum): 13201 9 README.patch.4839
MD5 checksum: 46A8E945CBCC8BCA46FF7FD9D1EA6910 Filename: patchSG0004839
Algorithm #1 (sum -r): 34628 8 patchSG0004839
Algorithm #2 (sum): 10416 8 patchSG0004839
MD5 checksum: 5977417007A971698B094DF1B817FB6F Filename: patchSG0004839.dev_sw
Algorithm #1 (sum -r): 41960 2875 patchSG0004839.dev_sw
Algorithm #2 (sum): 39191 2875 patchSG0004839.dev_sw
MD5 checksum: 2A67C5A6F62548AFFEFA8589DD64AF27 Filename: patchSG0004839.eoe_sw
Algorithm #1 (sum -r): 42870 14337 patchSG0004839.eoe_sw
Algorithm #2 (sum): 61013 14337 patchSG0004839.eoe_sw
MD5 checksum: 348F4806AB2030B734354E9DBB7A7416 Filename: patchSG0004839.eoe_sw64
Algorithm #1 (sum -r): 27069 5458 patchSG0004839.eoe_sw64
Algorithm #2 (sum): 53826 5458 patchSG0004839.eoe_sw64
MD5 checksum: D5C1FB6A8B3FE06DEC02E884DA92FB50 Filename: patchSG0004839.idb
Algorithm #1 (sum -r): 25993 10 patchSG0004839.idb
Algorithm #2 (sum): 48707 10 patchSG0004839.idb
MD5 checksum: A02EA03F18092C44F80DD4BCA8B96A34 Filename: patchSG0004839.nfs_sw
Algorithm #1 (sum -r): 07622 116 patchSG0004839.nfs_sw
Algorithm #2 (sum): 17748 116 patchSG0004839.nfs_sw
MD5 checksum: 8708378B609033A8341B717CC5008BD1 Filename: README.patch.4840
Algorithm #1 (sum -r): 20515 9 README.patch.4840
Algorithm #2 (sum): 58541 9 README.patch.4840
MD5 checksum: 3D64AB943625700D8A7D17DA984EE552 Filename: patchSG0004840
Algorithm #1 (sum -r): 33589 7 patchSG0004840
Algorithm #2 (sum): 8028 7 patchSG0004840
MD5 checksum: 17DF232BE1999A657450C4AE6425E53D Filename: patchSG0004840.dev_sw
Algorithm #1 (sum -r): 58282 2826 patchSG0004840.dev_sw
Algorithm #2 (sum): 36641 2826 patchSG0004840.dev_sw
MD5 checksum: 0BD37AE226BE29536481AB41A5B01C7D Filename: patchSG0004840.eoe_sw
Algorithm #1 (sum -r): 61024 13972 patchSG0004840.eoe_sw
Algorithm #2 (sum): 63438 13972 patchSG0004840.eoe_sw
MD5 checksum: 8DE1DBF47D8B30A8C85BFAF4441E193E Filename: patchSG0004840.eoe_sw64
Algorithm #1 (sum -r): 44518 5364 patchSG0004840.eoe_sw64
Algorithm #2 (sum): 13550 5364 patchSG0004840.eoe_sw64
MD5 checksum: 404D699F3D639A4B27F9CD203202DE96 Filename: patchSG0004840.idb
Algorithm #1 (sum -r): 44412 9 patchSG0004840.idb
Algorithm #2 (sum): 24146 9 patchSG0004840.idb
MD5 checksum: 04D9723849742C3247EC2C1794887C95 Filename: patchSG0004840.nfs_sw
Algorithm #1 (sum -r): 52254 115 patchSG0004840.nfs_sw
Algorithm #2 (sum): 57763 115 patchSG0004840.nfs_sw
MD5 checksum: AFE6A163705946DD64FBC771402672BE Filename: README.patch.4841
Algorithm #1 (sum -r): 39516 8 README.patch.4841
Algorithm #2 (sum): 51942 8 README.patch.4841
MD5 checksum: 0DF3A6DD4089A091107B85F1C452B4FD Filename: patchSG0004841
Algorithm #1 (sum -r): 21644 7 patchSG0004841
Algorithm #2 (sum): 26440 7 patchSG0004841
MD5 checksum: 170C62A295C551DDAF9F1B2AFCB5CC6F Filename: patchSG0004841.dev_sw
Algorithm #1 (sum -r): 55759 2871 patchSG0004841.dev_sw
Algorithm #2 (sum): 18216 2871 patchSG0004841.dev_sw
MD5 checksum: 35CD9FC24D8B6C5336AD2E92491D7CB1 Filename: patchSG0004841.eoe_sw
Algorithm #1 (sum -r): 55359 14385 patchSG0004841.eoe_sw
Algorithm #2 (sum): 13255 14385 patchSG0004841.eoe_sw
MD5 checksum: D78BD738AC236A1E365C951C694E7DBF Filename: patchSG0004841.eoe_sw64
Algorithm #1 (sum -r): 11901 5507 patchSG0004841.eoe_sw64
Algorithm #2 (sum): 1227 5507 patchSG0004841.eoe_sw64
MD5 checksum: 0ABBC1280C1C575E26703F99E2B95679 Filename: patchSG0004841.idb
Algorithm #1 (sum -r): 35148 9 patchSG0004841.idb
Algorithm #2 (sum): 24716 9 patchSG0004841.idb
MD5 checksum: 72DF4286A116FE33989B57C73CA8491A Filename: patchSG0004841.nfs_sw
Algorithm #1 (sum -r): 01746 115 patchSG0004841.nfs_sw
Algorithm #2 (sum): 45471 115 patchSG0004841.nfs_sw
MD5 checksum: 2E4FACCCF7FBFD8C4BE97CFB9B04964E Filename: README.patch.4842
Algorithm #1 (sum -r): 14274 9 README.patch.4842
Algorithm #2 (sum): 163 9 README.patch.4842
MD5 checksum: EA36BFA20213B334DA8629D63776A58A Filename: patch4842.chksums.only
Algorithm #1 (sum -r): 21612 1 patch4842.chksums.only
Algorithm #2 (sum): 12946 1 patch4842.chksums.only
MD5 checksum: 90D3A42670B02F2694AF9D81606EB121 Filename: patch4842.pgp.and.chksums
Algorithm #1 (sum -r): 10982 1 patch4842.pgp.and.chksums
Algorithm #2 (sum): 36306 1 patch4842.pgp.and.chksums
MD5 checksum: 7B754813CC95136AB0BABD79D0A6DD98 Filename: patchSG0004842
Algorithm #1 (sum -r): 33358 8 patchSG0004842
Algorithm #2 (sum): 56140 8 patchSG0004842
MD5 checksum: 2CF724DB759B31426CC6449C4B482643 Filename: patchSG0004842.dev_sw
Algorithm #1 (sum -r): 64975 2819 patchSG0004842.dev_sw
Algorithm #2 (sum): 54094 2819 patchSG0004842.dev_sw
MD5 checksum: EFCDC46B2D915E443987E76FD558BBCE Filename: patchSG0004842.eoe_sw
Algorithm #1 (sum -r): 04239 13999 patchSG0004842.eoe_sw
Algorithm #2 (sum): 5063 13999 patchSG0004842.eoe_sw
MD5 checksum: 42BA5415EDBF8BF87BF1CEF940297176 Filename: patchSG0004842.eoe_sw64
Algorithm #1 (sum -r): 62079 5370 patchSG0004842.eoe_sw64
Algorithm #2 (sum): 15526 5370 patchSG0004842.eoe_sw64
MD5 checksum: C05E2C12ABD1A8B4186B4D1D04227AE9 Filename: patchSG0004842.idb
Algorithm #1 (sum -r): 56186 9 patchSG0004842.idb
Algorithm #2 (sum): 36284 9 patchSG0004842.idb
MD5 checksum: DFD4AE06B37ABCE5DC8B1E7D0E4D593C Filename: README.patch.4843
Algorithm #1 (sum -r): 24801 9 README.patch.4843
Algorithm #2 (sum): 184 9 README.patch.4843
MD5 checksum: B8FF9691288E65F9E0F3E0D033BA03B9 Filename: patchSG0004843
Algorithm #1 (sum -r): 38630 8 patchSG0004843
Algorithm #2 (sum): 45967 8 patchSG0004843
MD5 checksum: E9F5395B41BB98DA493F95B6740A40C0 Filename: patchSG0004843.dev_sw
Algorithm #1 (sum -r): 57071 2875 patchSG0004843.dev_sw
Algorithm #2 (sum): 47966 2875 patchSG0004843.dev_sw
MD5 checksum: 2352B26245F960BD74EE560A32BD09AC Filename: patchSG0004843.eoe_sw
Algorithm #1 (sum -r): 54319 14237 patchSG0004843.eoe_sw
Algorithm #2 (sum): 9088 14237 patchSG0004843.eoe_sw
MD5 checksum: 03D46304F9D281FE3EBB4269129ED71A Filename: patchSG0004843.eoe_sw64
Algorithm #1 (sum -r): 53290 5426 patchSG0004843.eoe_sw64
Algorithm #2 (sum): 45901 5426 patchSG0004843.eoe_sw64
MD5 checksum: 455F0E5F967003BF5C193728AC027324 Filename: patchSG0004843.idb
Algorithm #1 (sum -r): 25411 9 patchSG0004843.idb
Algorithm #2 (sum): 36397 9 patchSG0004843.idb
MD5 checksum: E9F6235ADFA442C7A8388785D7AE984A Filename: patchSG0004843.nfs_sw
Algorithm #1 (sum -r): 07004 115 patchSG0004843.nfs_sw
Algorithm #2 (sum): 7005 115 patchSG0004843.nfs_sw
MD5 checksum: 8355903908696CF88F6C8474B1441E5F Filename: README.patch.4845
Algorithm #1 (sum -r): 19621 9 README.patch.4845
Algorithm #2 (sum): 63174 9 README.patch.4845
MD5 checksum: 5D7D0872F054F678FC73ADD9A7927A0B Filename: patchSG0004845
Algorithm #1 (sum -r): 60677 7 patchSG0004845
Algorithm #2 (sum): 13336 7 patchSG0004845
MD5 checksum: 7F3ED1EC3C69BAA0F684CE257ABAA9DE Filename: patchSG0004845.dev_sw
Algorithm #1 (sum -r): 64467 2870 patchSG0004845.dev_sw
Algorithm #2 (sum): 36886 2870 patchSG0004845.dev_sw
MD5 checksum: DF9B3BE33373A9B5F310C771DA9919FC Filename: patchSG0004845.eoe_sw
Algorithm #1 (sum -r): 14438 14238 patchSG0004845.eoe_sw
Algorithm #2 (sum): 52196 14238 patchSG0004845.eoe_sw
MD5 checksum: 0752B61F0C5F78165B0864A143F12F5D Filename: patchSG0004845.eoe_sw64
Algorithm #1 (sum -r): 61870 5427 patchSG0004845.eoe_sw64
Algorithm #2 (sum): 63001 5427 patchSG0004845.eoe_sw64
MD5 checksum: 1FD7650F3A0CA53984F55C97422B6FA5 Filename: patchSG0004845.idb
Algorithm #1 (sum -r): 17076 9 patchSG0004845.idb
Algorithm #2 (sum): 24881 9 patchSG0004845.idb
MD5 checksum: E78AB9246B89958F691F3F7F3C177D2C Filename: patchSG0004845.nfs_sw
Algorithm #1 (sum -r): 29287 115 patchSG0004845.nfs_sw
Algorithm #2 (sum): 59944 115 patchSG0004845.nfs_sw
MD5 checksum: FA80429C42EA051F4F03173C27605BC6 Filename: README.patch.4846
Algorithm #1 (sum -r): 11014 8 README.patch.4846
Algorithm #2 (sum): 53086 8 README.patch.4846
MD5 checksum: 2C079AD39C98F6D6EE41F37674FD894A Filename: patchSG0004846
Algorithm #1 (sum -r): 62823 7 patchSG0004846
Algorithm #2 (sum): 15205 7 patchSG0004846
MD5 checksum: 3FD1F15E1049B60567936DD178615052 Filename: patchSG0004846.dev_sw
Algorithm #1 (sum -r): 54372 2915 patchSG0004846.dev_sw
Algorithm #2 (sum): 26322 2915 patchSG0004846.dev_sw
MD5 checksum: 81EB7CA9497F9A3B9F517E0AAC513C2C Filename: patchSG0004846.eoe_sw
Algorithm #1 (sum -r): 57605 14590 patchSG0004846.eoe_sw
Algorithm #2 (sum): 20324 14590 patchSG0004846.eoe_sw
MD5 checksum: 7C8C11F425B9AFA3306A64CFD1C456DE Filename: patchSG0004846.eoe_sw64
Algorithm #1 (sum -r): 47150 5597 patchSG0004846.eoe_sw64
Algorithm #2 (sum): 46479 5597 patchSG0004846.eoe_sw64
MD5 checksum: D9D3B4B3FEEC03E66A26C28F62873050 Filename: patchSG0004846.idb
Algorithm #1 (sum -r): 55346 9 patchSG0004846.idb
Algorithm #2 (sum): 24828 9 patchSG0004846.idb
MD5 checksum: 5CB936EAE37711BC192D278A6673D9FE Filename: patchSG0004846.nfs_sw
Algorithm #1 (sum -r): 19473 115 patchSG0004846.nfs_sw
Algorithm #2 (sum): 45973 115 patchSG0004846.nfs_sw
MD5 checksum: 048B53C03E380E4A1370BC573078FBA2 - --- Acknowledgments ---- SGI wishes to thank CERT and the users of the Internet Community at large
for their assistance in this matter. - --- Links --- SGI Security Advisories can be found at: http://www.sgi.com/support/security/ and
ftp://patches.sgi.com/support/free/security/advisories/ SGI Security Patches can be found at: http://www.sgi.com/support/security/ and
ftp://patches.sgi.com/support/free/security/patches/ SGI patches for IRIX can be found at the following patch servers: http://support.sgi.com/irix/ and ftp://patches.sgi.com/ SGI freeware updates for IRIX can be found at: http://freeware.sgi.com/ SGI fixes for SGI open sourced code can be found on: http://oss.sgi.com/projects/ SGI patches and RPMs for Linux can be found at: http://support.sgi.com/linux/ or
http://oss.sgi.com/projects/sgilinux-combined/download/security-fixes/ SGI patches for Windows NT or 2000 can be found at: http://support.sgi.com/nt/ IRIX 5.2-6.4 Recommended/Required Patch Sets can be found at: http://support.sgi.com/irix/ and ftp://patches.sgi.com/support/patchset/ IRIX 6.5 Maintenance Release Streams can be found at: http://support.sgi.com/colls/patches/tools/relstream/index.html IRIX 6.5 Software Update CDs can be obtained from: http://support.sgi.com/irix/swupdates/ The primary SGI anonymous FTP site for security advisories and patches is
patches.sgi.com (216.32.174.211). Security advisories and patches are
located under the URL ftp://patches.sgi.com/support/free/security/ For security and patch management reasons, ftp.sgi.com (mirrors
patches.sgi.com security FTP repository) lags behind and does not do a
real-time update. - --- SGI Security Information/Contacts --- If there are questions about this document, email can be sent to
security-info@sgi.com. ------oOo------ SGI provides security information and patches for use by the entire SGI
community. This information is freely available to any person needing the
information and is available via anonymous FTP and the Web. The primary SGI anonymous FTP site for security advisories and patches is
patches.sgi.com (216.32.174.211). Security advisories and patches are
located under the URL ftp://patches.sgi.com/support/free/security/ The SGI Security Headquarters Web page is accessible at the URL: http://www.sgi.com/support/security/ For issues with the patches on the FTP sites, email can be sent to
security-info@sgi.com. For assistance obtaining or working with security patches, please
contact your SGI support provider. ------oOo------ SGI provides a free security mailing list service called wiretap and
encourages interested parties to self-subscribe to receive (via email) all
SGI Security Advisories when they are released. Subscribing to the mailing
list can be done via the Web
(http://www.sgi.com/support/security/wiretap.html) or by sending email to
SGI as outlined below. % mail wiretap-request@sgi.com
subscribe wiretap
The vendor has not provided us with any further information regarding this vulnerability.
The CERT/CC has no additional comments at this time.
Notified: October 07, 2002 Updated: October 08, 2002
Unknown
No statement is currently available from the vendor regarding this vulnerability.
The vendor has not provided us with any further information regarding this vulnerability.
The CERT/CC has no additional comments at this time.
Notified: October 07, 2002 Updated: January 28, 2003
Affected
Sun confirms that this denial-of-service vulnerability does affect the following supported versions of Solaris: Solaris 2.6 and 7 Solaris 8 and 9 are not affected by this issue. Patches are available for Solaris 2.6 and 7 and are listed in a Sun Alert soon to be available from: http://sunsolve.Sun.COM/pub-cgi/retrieve.pl?doc=fsalert/50391 Sun patches are available from: http://sunsolve.sun.com/securitypatch
The vendor has not provided us with any further information regarding this vulnerability.
The CERT/CC has no additional comments at this time.
Notified: October 07, 2002 Updated: October 07, 2002
Unknown
No statement is currently available from the vendor regarding this vulnerability.
The vendor has not provided us with any further information regarding this vulnerability.
The CERT/CC has no additional comments at this time.
Notified: October 07, 2002 Updated: October 07, 2002
Unknown
No statement is currently available from the vendor regarding this vulnerability.
The vendor has not provided us with any further information regarding this vulnerability.
The CERT/CC has no additional comments at this time.
Notified: October 07, 2002 Updated: October 07, 2002
Unknown
No statement is currently available from the vendor regarding this vulnerability.
The vendor has not provided us with any further information regarding this vulnerability.
The CERT/CC has no additional comments at this time.
Notified: October 07, 2002 Updated: October 14, 2002
Unknown
No statement is currently available from the vendor regarding this vulnerability.
The vendor has not provided us with any further information regarding this vulnerability.
The CERT/CC has no additional comments at this time.
Notified: October 07, 2002 Updated: October 07, 2002
Unknown
No statement is currently available from the vendor regarding this vulnerability.
The vendor has not provided us with any further information regarding this vulnerability.
The CERT/CC has no additional comments at this time.
Notified: October 07, 2002 Updated: October 14, 2002
Unknown
No statement is currently available from the vendor regarding this vulnerability.
The vendor has not provided us with any further information regarding this vulnerability.
The CERT/CC has no additional comments at this time.