SecurityTracker.com
    Home    |    View Topics    |    Search    |    Contact Us    |   

SecurityTracker
Archives


 


Category:   OS (UNIX)  >   SGI Kernel Vendors:   SGI (Silicon Graphics)
SGI 'bsd.a' Kernel Networking Flaw Has Unspecified Impact
SecurityTracker Alert ID:  1011451
SecurityTracker URL:  http://securitytracker.com/id/1011451
CVE Reference:   CVE-2004-0139   (Links to External Site)
Date:  Sep 29 2004
Impact:   Not specified
Fix Available:  Yes  Vendor Confirmed:  Yes  
Version(s): IRIX 6.5.25 and prior versions
Description:   A vulnerability was reported in the 'bsd.a' kernel networking functions in SGI's IRIX operating system. The impact was not specified.

The vendor reported a vulnerability related to file descriptor usage and the t_bind() and t_unbind() system calls. No further information was provided.

Impact:   The impact was not specified.
Solution:   The vendor has issued the following patches:

IRIX 6.5.22: 5738
IRIX 6.5.23: 5737
IRIX 6.5.24: 5728
IRIX 6.5.25: 5729

The patches are available at:

http://www.sgi.com/support/security/
ftp://patches.sgi.com/support/free/security/patches/

Vendor URL:  www.sgi.com/ (Links to External Site)
Cause:   Access control error, State error

Message History:   None.


 Source Message Contents

Subject:  [wiretap] bsd.a kernel networking vulnerabilities


-----BEGIN PGP SIGNED MESSAGE-----

______________________________________________________________________________

                          SGI Security Advisory

Title:      bsd.a kernel networking vulnerabilities
Number:     20040905-01-P
Date:       September 28, 2004
Reference:  SGI BUG 910841, CVE CAN-2004-0171
Reference:  SGI BUG 913122, CVE CAN-1999-0667
Reference:  SGI BUG 913287, CVE CAN-2004-0230
Reference:  SGI BUG 913386, CVE CVE-1999-0074
Reference:  SGI BUG 916973, CVE CAN-2004-0139
Fixed in:   Patches 5728 5729 5737 & 5738
______________________________________________________________________________

SGI provides this information freely to the SGI user community for its
consideration, interpretation, implementation and use.   SGI recommends
that this information be acted upon as soon as possible.

SGI provides the information in this Security Advisory on an "AS-IS"
basis only, and disclaims all warranties with respect thereto, express,
implied or otherwise, including, without limitation, any warranty of
merchantability or fitness for a particular purpose.  In no event shall
SGI be liable for any loss of profits, loss of business, loss of data or

for any indirect, special, exemplary, incidental or consequential
damages
of any kind arising from your use of, failure to use or improper use of
any of the instructions or information in this Security Advisory.
_____________________________________________________________________________

- -----------------------
- --- Issue Specifics ---
- -----------------------

It has been reported thru various channels that there are several
vulnerabilities affecting bsd.a kernel networking.

The bugs addressed by these patches are:

* 910841 no limit on TCP reassembly queue size
  http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0171

* 913122 IRIX can accept bogus ARP update
  http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-1999-0667

* 913287 Improve handling of RST/SYN packets
  http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0230
  http://www.uniras.gov.uk/vuls/2004/236929/index.htm

* 913386 ephemeral port selection should be more randomized
  http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-1999-0074
  http://www.cisco.com/warp/public/707/cisco-sa-20040420-tcp-nonios.shtml
  http://securityfocus.com/archive/82/168749/2001-03-08/2001-03-14/0

* 916973 t_unbind changes t_bind's behavior
  http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0139

There are several non-security fixes included in the patch.

SGI has investigated the issue and recommends the following steps for
resolving this issue.  It is HIGHLY RECOMMENDED that these measures
be implemented on ALL vulnerable SGI systems.


- --------------
- --- Impact ---
- --------------
To determine the version of IRIX you are running, execute the following
command:

  # /bin/uname -R

That will return a result similar to the following:

  # 6.5 6.5.19f

The first number ("6.5") is the release name, the second ("6.5.16f" in
this
case) is the extended release name.  The extended release name is the
"version" we refer to throughout this document.

- ----------------
- --- Solution ---
- ----------------

SGI has provided a series of patches for these vulnerabilities and
recommends that all affected operating systems install the
appropriate patch.

OS Version     Vulnerable?     Patch #      Other Actions
- ----------     -----------     -------      -------------
IRIX 3.x         unknown                        Note 1
IRIX 4.x         unknown                        Note 1
IRIX 5.x         unknown                        Note 1
IRIX 6.0.x       unknown                        Note 1
IRIX 6.1         unknown                        Note 1
IRIX 6.2         unknown                        Note 1
IRIX 6.3         unknown                        Note 1
IRIX 6.4         unknown                        Note 1
IRIX 6.5         unknown                        Note 2
IRIX 6.5.1       unknown                        Note 2
IRIX 6.5.2       unknown                        Note 2
IRIX 6.5.3       unknown                        Note 2
IRIX 6.5.4       unknown                        Note 2
IRIX 6.5.5       unknown                        Note 2
IRIX 6.5.6       unknown                        Note 2
IRIX 6.5.7       unknown                        Note 2
IRIX 6.5.8       unknown                        Note 2
IRIX 6.5.9       unknown                        Note 2
IRIX 6.5.10      unknown                        Note 2
IRIX 6.5.11      unknown                        Note 2
IRIX 6.5.12      unknown                        Note 2
IRIX 6.5.13      unknown                        Note 2
IRIX 6.5.14      unknown                        Note 2
IRIX 6.5.15      unknown                        Note 2
IRIX 6.5.16      unknown                        Note 2
IRIX 6.5.17m     unknown                        Note 2
IRIX 6.5.17f     unknown                        Note 2
IRIX 6.5.18m     unknown                        Note 2 & 3
IRIX 6.5.18f     unknown                        Note 2 & 3
IRIX 6.5.19m     unknown                        Note 2 & 3
IRIX 6.5.19f     unknown                        Note 2 & 3
IRIX 6.5.20m     unknown                        Note 2 & 3
IRIX 6.5.20f     unknown                        Note 2 & 3
IRIX 6.5.21m     unknown                        Notes 2 & 3
IRIX 6.5.21f     unknown                        Notes 2 & 3
IRIX 6.5.22      yes              5738          Notes 2 & 3
IRIX 6.5.23      yes              5737          Notes 2 & 3
IRIX 6.5.24      yes              5728          Notes 2 & 3
IRIX 6.5.25      yes              5729          Notes 2 & 3
   NOTES

     1) This version of the IRIX operating has been retired. Upgrade to
        an actively supported IRIX operating system.  See
        http://support.sgi.com for more information.

     2) If you have not received an IRIX 6.5.X CD for IRIX 6.5, contact
        your SGI Support Provider or URL: http://support.sgi.com

     3) Install the required patch(es) based on your operating release.

                ##### Patch File Checksums ####

The actual patch will be a tar file containing the following files:
Filename:                 README.patch.5728
Algorithm #1 (sum -r):    35186 9 README.patch.5728
Algorithm #2 (sum):       13588 9 README.patch.5728
MD5 checksum:             283FF7F48211DE12A5F701CF63D294B0

Filename:                 patchSG0005728
Algorithm #1 (sum -r):    35786 3 patchSG0005728
Algorithm #2 (sum):       28432 3 patchSG0005728
MD5 checksum:             BD7D37EF3E7A533170D2B5C21FB9953A

Filename:                 patchSG0005728.eoe_sw
Algorithm #1 (sum -r):    13196 6051 patchSG0005728.eoe_sw
Algorithm #2 (sum):       14725 6051 patchSG0005728.eoe_sw
MD5 checksum:             565CAE6A954F429CD4C2A5532F8D466B

Filename:                 patchSG0005728.idb
Algorithm #1 (sum -r):    35935 13 patchSG0005728.idb
Algorithm #2 (sum):       6797 13 patchSG0005728.idb
MD5 checksum:             7C0105CA77139F0E614F7E5505F84495

Filename:                 README.patch.5729
Algorithm #1 (sum -r):    59517 8 README.patch.5729
Algorithm #2 (sum):       39107 8 README.patch.5729
MD5 checksum:             5B079FFE7C41D3AB8FDEDDC19DFEEADD

Filename:                 patchSG0005729
Algorithm #1 (sum -r):    22880 2 patchSG0005729
Algorithm #2 (sum):       57807 2 patchSG0005729
MD5 checksum:             E262646659E28A93193C6F4BA71CDBEE

Filename:                 patchSG0005729.eoe_sw
Algorithm #1 (sum -r):    40147 4498 patchSG0005729.eoe_sw
Algorithm #2 (sum):       56533 4498 patchSG0005729.eoe_sw
MD5 checksum:             3C4CAA38798B6ECF6A27D8F2A7B8179F

Filename:                 patchSG0005729.idb
Algorithm #1 (sum -r):    40084 11 patchSG0005729.idb
Algorithm #2 (sum):       44547 11 patchSG0005729.idb
MD5 checksum:             BA25A75A6B768611640AD4B81F0097B3

Filename:                 README.patch.5737
Algorithm #1 (sum -r):    33924 10 README.patch.5737
Algorithm #2 (sum):       35712 10 README.patch.5737
MD5 checksum:             8E7F5B9E6543C36993DA3BAE88F86161

Filename:                 patchSG0005737
Algorithm #1 (sum -r):    05158 4 patchSG0005737
Algorithm #2 (sum):       57426 4 patchSG0005737
MD5 checksum:             1452B04343D0565A3B7AE4C541E7EEE0

Filename:                 patchSG0005737.eoe_sw
Algorithm #1 (sum -r):    58680 6081 patchSG0005737.eoe_sw
Algorithm #2 (sum):       37111 6081 patchSG0005737.eoe_sw
MD5 checksum:             0ABFEC7A2ABE56C5A4620B2C274A303C

Filename:                 patchSG0005737.idb
Algorithm #1 (sum -r):    50788 13 patchSG0005737.idb
Algorithm #2 (sum):       38116 13 patchSG0005737.idb
MD5 checksum:             D42D48C2568C83171E9314CC81C998BC

Filename:                 README.patch.5738
Algorithm #1 (sum -r):    34257 9 README.patch.5738
Algorithm #2 (sum):       28325 9 README.patch.5738
MD5 checksum:             0BEF17F275BF3624EF05EF90FCD83233

Filename:                 patchSG0005738
Algorithm #1 (sum -r):    54456 4 patchSG0005738
Algorithm #2 (sum):       56616 4 patchSG0005738
MD5 checksum:             FBBE94737D658F28115B9B0265AFAF30

Filename:                 patchSG0005738.eoe_sw
Algorithm #1 (sum -r):    36099 12655 patchSG0005738.eoe_sw
Algorithm #2 (sum):       548 12655 patchSG0005738.eoe_sw
MD5 checksum:             7EE0C37FDE320B0B1602E7E792A741EF

Filename:                 patchSG0005738.idb
Algorithm #1 (sum -r):    08133 32 patchSG0005738.idb
Algorithm #2 (sum):       4380 32 patchSG0005738.idb
MD5 checksum:             6FF1955330B98978174A0132BD54B050


- -------------
- --- Links ---
- -------------
Patches are available via the web, anonymous FTP and from your SGI
service/support provider.

SGI Security Advisories can be found at:
http://www.sgi.com/support/security/ and
ftp://patches.sgi.com/support/free/security/advisories/

SGI Security Patches can be found at:
http://www.sgi.com/support/security/ and
ftp://patches.sgi.com/support/free/security/patches/

SGI patches for IRIX can be found at the following patch servers:
http://support.sgi.com/ and ftp://patches.sgi.com/

SGI freeware updates for IRIX can be found at:
http://freeware.sgi.com/

SGI fixes for SGI open sourced code can be found on:
http://oss.sgi.com/projects/

SGI patches and RPMs for Linux can be found at:
http://support.sgi.com/ or
http://oss.sgi.com/projects/sgilinux-combined/download/security-fixes/

SGI patches for Windows NT or 2000 can be found at:
http://support.sgi.com/

IRIX 5.2-6.4 Recommended/Required Patch Sets can be found at:
http://support.sgi.com/ and ftp://patches.sgi.com/support/patchset/

IRIX 6.5 Maintenance Release Streams can be found at:
http://support.sgi.com/

IRIX 6.5 Software Update CDs can be obtained from:
http://support.sgi.com/

The primary SGI anonymous FTP site for security advisories and patches
is patches.sgi.com (216.32.174.211).  Security advisories and patches
are located under the URL ftp://patches.sgi.com/support/free/security/

For security and patch management reasons, ftp.sgi.com (mirrors
patches.sgi.com security FTP repository) lags behind and does not
do a real-time update.


- -----------------------------------------
- --- SGI Security Information/Contacts ---
- -----------------------------------------

If there are questions about this document, email can be sent to
security-info@sgi.com.

                      ------oOo------

SGI provides security information and patches for use by the entire SGI
community.  This information is freely available to any person needing
the information and is available via anonymous FTP and the Web.

The primary SGI anonymous FTP site for security advisories and patches
is patches.sgi.com (216.32.174.211).  Security advisories and patches
are located under the URL ftp://patches.sgi.com/support/free/security/

The SGI Security Headquarters Web page is accessible at the URL:
http://www.sgi.com/support/security/

For issues with the patches on the FTP sites, email can be sent to
security-info@sgi.com.

For assistance obtaining or working with security patches, please
contact your SGI support provider.

                      ------oOo------

SGI provides a free security mailing list service called wiretap and
encourages interested parties to self-subscribe to receive (via email)
all SGI Security Advisories when they are released. Subscribing to the
mailing list can be done via the Web
(http://www.sgi.com/support/security/wiretap.html)
or by sending email to SGI as outlined below.

% mail wiretap-request@sgi.com
subscribe wiretap <YourEmailAddress>
end
^d

In the example above, <YourEmailAddress> is the email address that you
wish the mailing list information sent to.  The word end must be on a
separate line to indicate the end of the body of the message. The
control-d (^d) is used to indicate to the mail program that you are
finished composing the mail message.


                      ------oOo------

SGI provides a comprehensive customer World Wide Web site. This site is
located at http://www.sgi.com/support/security/ .

                      ------oOo------

If there are general security questions on SGI systems, email can be
sent to security-info@sgi.com.

For reporting *NEW* SGI security issues, email can be sent to
security-alert@sgi.com or contact your SGI support provider.
A  support contract is not required for submitting a security report.

______________________________________________________________________________

      This information is provided freely to all interested parties
      and may be redistributed provided that it is not altered in any
      way, SGI is appropriately credited and the document retains and
      includes its valid PGP signature.

-----BEGIN PGP SIGNATURE-----
Version: 2.6.2

iQCVAwUBQVmQHrQ4cFApAP75AQF32gQAvHbNKUhiV5ypyjN8yIrhy5jgYET1MwfZ
2BbyU84DuaxOSu8WWOZTPWP/wH7WH3i1ODI3YeBAu+0EJNTZFrVu3Cpp5pyX5KS0
lGaW+CuUwXskyqY3+3tHkzD7kD4j+xNzo41pzs/gLHJNVA17O4V2G3A789R+BTgq
G3mBTRkfprA=
=JdgU
-----END PGP SIGNATURE-----
    Copyright 2003, Silicon Graphics, Inc. All Rights Reserved.
    http://www.sgi.com/support/security/

 
 


Go to the Top of This SecurityTracker Archive Page





Home   |    View Topics   |    Search   |    Contact Us

This web site uses cookies for web analytics. Learn More

Copyright 2020, SecurityGlobal.net LLC