[rescue] IRIX libcpr vulnerability
Kevin
kevin at mpcf.com
Wed May 26 14:08:58 CDT 2004
> -----BEGIN PGP SIGNED MESSAGE-----
>
> ______________________________________________________________
> ________________
>
> SGI Security Advisory
>
> Title: libcpr vulnerability
> Number: 20040507-01-P
> Date: May 26, 2004
> Reference: SGI BUG 914419
> Reference: CVE CAN-2004-0134
> Fixed in: Patches 5606, 5607, 5608, 5609 and 5610
> ______________________________________________________________
> ________________
>
> SGI provides this information freely to the SGI user community
> for its consideration, interpretation, implementation and use.
> SGI recommends
> that this information be acted upon as soon as possible.
>
> SGI provides the information in this Security Advisory on an
> "AS-IS" basis only, and disclaims all warranties with respect
> thereto, express, implied or otherwise, including, without
> limitation, any warranty of merchantability or fitness for a
> particular purpose. In no event shall SGI be liable for any
> loss of profits, loss of business, loss of data or
>
> for any indirect, special, exemplary, incidental or
> consequential damages of any kind arising from your use of,
> failure to use or improper use of any of the instructions or
> information in this Security
> Advisory._____________________________________________________
> ________________________
>
> - -----------------------
> - --- Issue Specifics ---
> - -----------------------
>
> Adam Gowdiak from the Poznan Supercomputing and Networking
> Center has reported that under certain conditions /usr/sbin/cpr
> binary can be forced to load a user provided library while
> restarting the checkpointed process which can be used to obtain
> root user privileges.
>
> SGI has assigned the following Common Vulnerabilities and
> Exposures(cve.mitre.org) name to this vulnerability:
> http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0134
>
> SGI has investigated the issue and recommends the following
> steps for resolving this issue. It is HIGHLY RECOMMENDED that
> these measures be implemented on ALL vulnerable SGI systems.
> This issue has been corrected in future releases of IRIX.
>
>
> - --------------
> - --- Impact ---
> - --------------
>
> To determine the version of IRIX you are running, execute the
> following command:
>
> # /bin/uname -R
>
> That will return a result similar to the following:
>
> # 6.5 6.5.21f
>
> The first number ("6.5") is the release name, the second
> ("6.5.21f" in this case) is the extended release name. The
> extended release name is the "version" we refer to throughout
> this document.
>
>
> - ----------------
> - --- Solution ---
> - ----------------
>
> SGI has provided a series of patches for these vulnerabilities.
> Our recommendation is to upgrade to IRIX 6.5.25, or install the
> appropriate patches.
>
> OS Version Vulnerable? Patch # Other Actions
> - ---------- ----------- ------- -------------
> IRIX 3.x unknown Note 1
> IRIX 4.x unknown Note 1
> IRIX 5.x unknown Note 1
> IRIX 6.0.x unknown Note 1
> IRIX 6.1 unknown Note 1
> IRIX 6.2 unknown Note 1
> IRIX 6.3 unknown Note 1
> IRIX 6.4 unknown Note 1
> IRIX 6.5 unknown Note 1
> IRIX 6.5.1 unknown Note 1
> IRIX 6.5.2 unknown Note 1
> IRIX 6.5.3 unknown Note 1
> IRIX 6.5.4 unknown Note 1
> IRIX 6.5.5 unknown Note 1
> IRIX 6.5.6 unknown Note 1
> IRIX 6.5.7 unknown Note 1
> IRIX 6.5.8 unknown Note 1
> IRIX 6.5.9 unknown Note 1
> IRIX 6.5.10 unknown Note 1
> IRIX 6.5.11 unknown Note 1
> IRIX 6.5.12 unknown Note 1
> IRIX 6.5.13 unknown Note 1
> IRIX 6.5.14 unknown Note 1
> IRIX 6.5.15 unknown Note 1
> IRIX 6.5.16 unknown Note 1
> IRIX 6.5.17 unknown Note 1
> IRIX 6.5.18 unknown Note 1
> IRIX 6.5.19 unknown Note 1
> IRIX 6.5.20m yes 5606 Notes 2 & 3
> IRIX 6.5.20f yes 5607 Notes 2 & 3
> IRIX 6.5.21 yes 5608 Notes 2 & 3
> IRIX 6.5.22 yes 5609 Notes 2 & 3
> IRIX 6.5.23 yes 5609 Notes 2 & 3
> IRIX 6.5.24 yes 5610 Notes 2 & 3
> IRIX 6.5.25 no
>
> NOTES
>
> 1) This version of the IRIX operating system is not
> actively supported.
> Upgrade to an actively supported IRIX operating system.
> See http://support.sgi.com/ for more information.
>
> 2) If you have not received an IRIX 6.5.X CD for IRIX 6.5,
> contact
> your SGI Support Provider or URL:
> http://support.sgi.com/
>
> 3) Install the required patch(es) based on your operating
> release.
>
>
> ##### Patch File Checksums ####
>
> The actual patch will be a tar file containing the following
> files: Filename: README.patch.5606
> Algorithm #1 (sum -r): 37588 8 README.patch.5606
> Algorithm #2 (sum): 32901 8 README.patch.5606
> MD5 checksum: B5C3F81FF84AC7C9698FF5FBFCD23DD5
>
> Filename: patchSG0005606
> Algorithm #1 (sum -r): 37659 5 patchSG0005606
> Algorithm #2 (sum): 7464 5 patchSG0005606
> MD5 checksum: C3AC7041D0BAE3F439A0426EFCB9C4CD
>
> Filename: patchSG0005606.eoe_man
> Algorithm #1 (sum -r): 37809 29 patchSG0005606.eoe_man
> Algorithm #2 (sum): 6758 29 patchSG0005606.eoe_man
> MD5 checksum: 0B817D89AE398F9B74A22EBF82FA53D7
>
> Filename: patchSG0005606.eoe_sw
> Algorithm #1 (sum -r): 60939 1681 patchSG0005606.eoe_sw
> Algorithm #2 (sum): 42966 1681 patchSG0005606.eoe_sw
> MD5 checksum: BA965ED4F5B925F043B2BCDB29D1E5E4
>
> Filename: patchSG0005606.eoe_sw64
> Algorithm #1 (sum -r): 16988 1719 patchSG0005606.eoe_sw64
> Algorithm #2 (sum): 7922 1719 patchSG0005606.eoe_sw64
> MD5 checksum: 3C548C5DE1C693BDAA262AF0F8A349B7
>
> Filename: patchSG0005606.idb
> Algorithm #1 (sum -r): 48114 3 patchSG0005606.idb
> Algorithm #2 (sum): 45251 3 patchSG0005606.idb
> MD5 checksum: 7BE6C64724B749060DC208D581530059
>
> Filename: README.patch.5607
> Algorithm #1 (sum -r): 04156 9 README.patch.5607
> Algorithm #2 (sum): 62950 9 README.patch.5607
> MD5 checksum: 0A2EFE3AC5BC04E81A715E958FF1ED4A
>
> Filename: patchSG0005607
> Algorithm #1 (sum -r): 41377 5 patchSG0005607
> Algorithm #2 (sum): 35341 5 patchSG0005607
> MD5 checksum: 6020A4ED5C6D0E4F7CD07BFAB1E07652
>
> Filename: patchSG0005607.eoe_man
> Algorithm #1 (sum -r): 37809 29 patchSG0005607.eoe_man
> Algorithm #2 (sum): 6758 29 patchSG0005607.eoe_man
> MD5 checksum: 0B817D89AE398F9B74A22EBF82FA53D7
>
> Filename: patchSG0005607.eoe_sw
> Algorithm #1 (sum -r): 07626 1847 patchSG0005607.eoe_sw
> Algorithm #2 (sum): 59526 1847 patchSG0005607.eoe_sw
> MD5 checksum: 7F85081459DBF8A512FD2FFBD9AD1D37
>
> Filename: patchSG0005607.eoe_sw64
> Algorithm #1 (sum -r): 27243 1720 patchSG0005607.eoe_sw64
> Algorithm #2 (sum): 31616 1720 patchSG0005607.eoe_sw64
> MD5 checksum: 68CC0D6EC13DAC63F11BE0C971250294
>
> Filename: patchSG0005607.idb
> Algorithm #1 (sum -r): 32428 4 patchSG0005607.idb
> Algorithm #2 (sum): 26167 4 patchSG0005607.idb
> MD5 checksum: BE05BCF4016B097EF4225479B66B506A
>
> Filename: README.patch.5608
> Algorithm #1 (sum -r): 44575 8 README.patch.5608
> Algorithm #2 (sum): 32934 8 README.patch.5608
> MD5 checksum: 61695BFDD1A066D99FF588BF45357361
>
> Filename: patchSG0005608
> Algorithm #1 (sum -r): 16737 4 patchSG0005608
> Algorithm #2 (sum): 59501 4 patchSG0005608
> MD5 checksum: ED7D6F6A9486FFA247152A041355369D
>
> Filename: patchSG0005608.eoe_man
> Algorithm #1 (sum -r): 38217 30 patchSG0005608.eoe_man
> Algorithm #2 (sum): 34665 30 patchSG0005608.eoe_man
> MD5 checksum: 5640D001B448B2A37F2852D299C6D584
>
> Filename: patchSG0005608.eoe_sw
> Algorithm #1 (sum -r): 65175 1695 patchSG0005608.eoe_sw
> Algorithm #2 (sum): 59497 1695 patchSG0005608.eoe_sw
> MD5 checksum: 25ABFCCE90C4807F2D03D21D74A48C2B
>
> Filename: patchSG0005608.eoe_sw64
> Algorithm #1 (sum -r): 09274 1718 patchSG0005608.eoe_sw64
> Algorithm #2 (sum): 10352 1718 patchSG0005608.eoe_sw64
> MD5 checksum: E570B855EBDB9606B84B60B3FFB171C1
>
> Filename: patchSG0005608.idb
> Algorithm #1 (sum -r): 47068 3 patchSG0005608.idb
> Algorithm #2 (sum): 45435 3 patchSG0005608.idb
> MD5 checksum: 336B55C8AA738819E801EB674F3F4AD8
>
> Filename: README.patch.5609
> Algorithm #1 (sum -r): 57021 8 README.patch.5609
> Algorithm #2 (sum): 23379 8 README.patch.5609
> MD5 checksum: 9585A8388D55FD6E5D8496CFD3D3B07F
>
> Filename: patchSG0005609
> Algorithm #1 (sum -r): 31065 3 patchSG0005609
> Algorithm #2 (sum): 13185 3 patchSG0005609
> MD5 checksum: 7E8140FE524B1B42D411D8CF08363B23
>
> Filename: patchSG0005609.eoe_sw
> Algorithm #1 (sum -r): 42020 1689 patchSG0005609.eoe_sw
> Algorithm #2 (sum): 42175 1689 patchSG0005609.eoe_sw
> MD5 checksum: F211BA20C8ADDB51E75DE1D790331D45
>
> Filename: patchSG0005609.eoe_sw64
> Algorithm #1 (sum -r): 02074 1710 patchSG0005609.eoe_sw64
> Algorithm #2 (sum): 24791 1710 patchSG0005609.eoe_sw64
> MD5 checksum: A2AC8FB26FF1B4723251B30E80E1E486
>
> Filename: patchSG0005609.idb
> Algorithm #1 (sum -r): 18602 3 patchSG0005609.idb
> Algorithm #2 (sum): 23438 3 patchSG0005609.idb
> MD5 checksum: F6E5E81876FC2F79DE2F77CB539EC453
>
> Filename: README.patch.5610
> Algorithm #1 (sum -r): 51110 8 README.patch.5610
> Algorithm #2 (sum): 20293 8 README.patch.5610
> MD5 checksum: 9800BD29494DB131DF267C73152CAA27
>
> Filename: patchSG0005610
> Algorithm #1 (sum -r): 20688 3 patchSG0005610
> Algorithm #2 (sum): 5422 3 patchSG0005610
> MD5 checksum: AE133E85CD9516BF1A2C318851418D8F
>
> Filename: patchSG0005610.eoe_sw
> Algorithm #1 (sum -r): 14132 1682 patchSG0005610.eoe_sw
> Algorithm #2 (sum): 2892 1682 patchSG0005610.eoe_sw
> MD5 checksum: 277CEB35D636450629DB25AC2743266A
>
> Filename: patchSG0005610.eoe_sw64
> Algorithm #1 (sum -r): 27314 1700 patchSG0005610.eoe_sw64
> Algorithm #2 (sum): 6892 1700 patchSG0005610.eoe_sw64
> MD5 checksum: 62284868F4DAEDCBD85B6A7EDDA02F58
>
> Filename: patchSG0005610.idb
> Algorithm #1 (sum -r): 38492 3 patchSG0005610.idb
> Algorithm #2 (sum): 23256 3 patchSG0005610.idb
> MD5 checksum: 3252933C83413CE3EFA45E17897BE9AA
>
>
> - ------------------------
> - --- Acknowledgments ----
> - ------------------------
>
> SGI wishes to thank Adam Gowdiak and the Poznan Supercomputing
> and Networking Center for their assistance in this matter.
>
>
> - -------------
> - --- Links ---
> - -------------
>
> SGI Security Advisories can be found at:
> http://www.sgi.com/support/security/ and
> ftp://patches.sgi.com/support/free/security/advisories/
>
> Red Hat Errata: Security Alerts, Bugfixes, and Enhancements
> http://www.redhat.com/apps/support/errata/
>
> SGI Advanced Linux Environment security updates can found on:
> ftp://oss.sgi.com/projects/sgi_propack/download/
>
> SGI patches can be found at the following patch servers:
> http://support.sgi.com/
>
> The primary SGI anonymous FTP site for security advisories and
> security patches is
> ftp://patches.sgi.com/support/free/security/
>
>
> - -----------------------------------------
> - --- SGI Security Information/Contacts ---
> - -----------------------------------------
>
> If there are questions about this document, email can be sent
> to security-info at sgi.com.
>
> ------oOo------
>
> SGI provides security information and patches for use by the
> entire SGI community. This information is freely available to
> any person needing the information and is available via
> anonymous FTP and the Web.
>
> The primary SGI anonymous FTP site for security advisories and
> patches is patches.sgi.com. Security advisories and patches
> are located under the URL
> ftp://patches.sgi.com/support/free/security/
>
> The SGI Security Headquarters Web page is accessible at the
> URL: http://www.sgi.com/support/security/
>
> For issues with the patches on the FTP sites, email can be sent
> to security-info at sgi.com.
>
> For assistance obtaining or working with security patches,
> please contact your SGI support provider.
>
> ------oOo------
>
> SGI provides a free security mailing list service called
> wiretap and encourages interested parties to self-subscribe to
> receive (via email) all SGI Security Advisories when they are
> released. Subscribing to the mailing list can be done via the
> Web(http://www.sgi.com/support/security/wiretap.html) or by
> sending email to SGI as outlined below.
>
> % mail wiretap-request at sgi.com
> subscribe wiretap < YourEmailAddress such as midwatch at sgi.com >
> end
> ^d
>
> In the example above, <YourEmailAddress> is the email address
> that you wish the mailing list information sent to. The word
> end must be on a separate line to indicate the end of the body
> of the message. The control-d (^d) is used to indicate to the
> mail program that you are finished composing the mail message.
>
>
> ------oOo------
>
> SGI provides a comprehensive customer World Wide Web site. This
> site is located at http://www.sgi.com/support/security/ .
>
> ------oOo------
>
> If there are general security questions on SGI systems, email
> can be sent to security-info at sgi.com.
>
> For reporting *NEW* SGI security issues, email can be sent to
> security-alert at sgi.com or contact your SGI support provider. A
> support contract is not required for submitting a security
> report.
>
> ______________________________________________________________
> ________________
> This information is provided freely to all interested
> parties and may be redistributed provided that it is not
> altered in any way, SGI is appropriately credited and the
> document retains and includes its valid PGP signature.
>
> -----BEGIN PGP SIGNATURE-----
> Version: 2.6.2
>
> iQCVAwUBQLTG0rQ4cFApAP75AQGuxwP+NWbyADTnKYGHYSgiKT1tdIukggG+/V
> xi
> TCCRzTBJ7PL2Lhv+qbCmDNMl7UX4WXYAsTxSP760zk8jiUR6JXOgDLhbYFK5bA
> BA
> eqBMaZWDMK7L+1IVl94Rvw7/5xXkQ05FGAdiQpVH2LtsszNzZiLeV5Eto3gTuu
> Ar+zJC2vc6oQA=
> =2E6X
> -----END PGP SIGNATURE-----
--
"Make it idiot proof and someone will make a better idiot."
keyserver: http://pgp.mit.edu/
More information about the rescue
mailing list