[ advisories | exploits | discussions | news | conventions | security tools | texts & papers ]
 main menu
- feedback
- advertising
- privacy
- FightAIDS
- newsletter
- news
- read forum
- new topic
- search

- meetings list
- recent additions
- add your info
 top 100 sites
- visit top sites
- sign up now
- members

- add your url
- add domain
- search box
- link to us

- our projects
- free email
 m4d network
- security software
- secureroot
- m4d.com
Home : Advisories : SGI IRIX Help Vulnerability

Title: SGI IRIX Help Vulnerability
Released by: CERT
Date: 11th August 1994
Printable version: Click here

Hash: SHA1


CERT(*) Advisory CA-94:13

Original issue date:  August 11, 1994

Last revised: September 23, 1997        

                Updated Copyright statement

Topic: SGI IRIX Help Vulnerability

- -----------------------------------------------------------------------------

The CERT Coordination Center has received information about a vulnerability in

the Silicon Graphics, Inc. IRIX operating system, versions 5.1.x and 5.2.

This vulnerability enables users to gain unauthorized root access. To

exploit the vulnerability, a person must log into an account on the system

or have physical access to the system console.

SGI has developed a patch for the vulnerability. Because the vulnerability has

been widely discussed in public forums on the Internet, we recommend that you

install the patch as soon as possible. Section III below contains

instructions for obtaining the patch, along with a workaround you can use

until you install it.

We will update this advisory as we receive additional information.

Please check advisory files regularly for updates that relate to your site.

- -----------------------------------------------------------------------------

I.   Description

A vulnerability exists in the SGI help system and print manager, enabling

users to get unauthorized root access if they can log into an account on the

system or get physical access to the system console. The vulnerability is

present in the SGI IRIX operating system, versions 5.1.x and 5.2. SGI reports

that the problem will be permanently corrected in a future release of IRIX.

In public discussions, the vulnerability has been referred to by various

names, including clogin, printer manager, and SGI Help.

II.  Impact

Individuals with accounts on the system or physical access to the system

console can obtain root access.

III. Solutions

     A.  For IRIX 5.2

         If you are running IRIX 5.2, obtain and install patch65 according

         to the instructions provided. These instructions can be found in the

         "relnotes.patchSG0000065" file in the patch65.tar file (see below).

         To install this patch successfully, you need to have the latest SGI

         "inst" program installed (this is available as patch00 or patch34).

         SGI has provided instructions for determining if the new install

         program is on your system. We have placed these in an appendix

         at the end of this advisory.

         These patches are available by anonymous FTP from ftp.sgi.com and

         from sgigate.sgi.com in the "/security" directory.

         Filename           patch65.tar

         Standard Unix Sum  63059 1220

         System V Sum       15843 2440

         MD5                af8c120f86daab9df74998b31927e397

         Filename           patch34.tar.Z

         Standard Unix Sum  11066 15627

         System V Sum       1674 31253

         MD5                2859d0debff715c5beaccd02b6bebded

         Patches are available on CD. Contact your nearest SGI service

         provider for distribution.

     B.  For IRIX 5.1.x

         If you are running versions 5.1.x, SGI recommends that you upgrade to

         version 5.2, if possible, and then follow the instructions in Section

         III.A. above. If you cannot upgrade to 5.2, see the workaround

         instructions in III.C.

     C.  Workaround

         If you cannot install the patches or are delayed in obtaining them,

         SGI recommends removing the help subsystem using the following

         command (as root):

                # versions remove sgihelp.sw.eoe

         PLEASE NOTE:  Removal of this subsystem will affect other

         installed software that use the SGI Help system. After

         the removal, certain help functions from within applications

         will return non-fatal error messages about the missing subsystem.

         At a later date, when the patch can be installed on the system,

         you will need to re-install the previously removed SGI Help software

         prior to installing patch65. This can be found on your original

         software distribution (CD labeled as IRIX 5.2). As root, use the


                # inst -f /CDROM/dist/sgihelp

                Inst> install sgihelp.sw.eoe

                Inst> go

         The installation documentation provides further information.



There are three patches related to this issue - patch00, patch34, and patch65.

Patch34 is an update to patch00 which modifies the "inst" program to

be able to handle patch updates.  At least one of patch00 or patch34

is required to be installed before installing patch65.  To determine

if the new inst program is already installed on your system,

the following command can be issued:

        # versions patch\*

        I = Installed, R = Removed

           Name                 Date      Description

        I  patchSG0000034       08/10/94  Patch SG0000034

        I  patchSG0000034.eoe1_sw 08/10/94 IRIX Execution Environment Software

        I  patchSG0000034.eoe1_sw.unix 08/10/94 IRIX Execution Environment

If patchSG0000000 or patchSG0000034 (as seen above) is loaded,

then it is only necessary to download patch65 as described in the advisory.

This is important since patch34 is rather large (16MB).

Otherwise, download both patch34 and patch65.  Install patch34 first,

then patch65.  To install patch34, uncompress and untar "patch34.tar.Z"

and follow the instructions in the "README.FIRST" file.

These patches are available by anonymous FTP from ftp.sgi.com

in the "security" directory:

                Standard      System V       MD5

                Unix          Unix           Digital Signature

patch34.tar.Z:  11066 15627   1674 31253     2859d0debff715c5beaccd02b6bebded

patch65.tar:    63059 1220    15843 2440     af8c120f86daab9df74998b31927e397

- ---------------------------------------------------------------------------

The CERT Coordination Center wishes to thank Silicon Graphics, Inc., for their

cooperation in responding to this problem and members of the AUSCERT and CIAC

response teams for their contributions to this advisory.

- ---------------------------------------------------------------------------

If you believe that your system has been compromised, contact the CERT

Coordination Center or your representative in Forum of Incident

Response and Security Teams (FIRST).

If you wish to send sensitive incident or vulnerability information to

CERT via electronic mail, CERT strongly advises that the e-mail be

encrypted. CERT can support a shared DES key, PGP (public key

available via anonymous FTP on info.cert.org), or PEM (contact CERT

for details).

Internet E-mail: cert@cert.org

Telephone: 412-268-7090 (24-hour hotline)

           CERT personnel answer 8:30 a.m.-5:00 p.m. EST(GMT-5)/EDT(GMT-4),

           and are on call for emergencies during other hours.

CERT Coordination Center

Software Engineering Institute

Carnegie Mellon University

Pittsburgh, PA 15213-3890


Past advisories, information about FIRST representatives, and other

information related to computer security are available for

anonymous FTP from info.cert.org.

- ------------------------------------------------------------------------------

Copyright 1994, 1996 Carnegie Mellon University. Conditions for use, disclaimers,

and sponsorship information can be found in

http://www.cert.org/legal_stuff.html and http://ftp.cert.org/pub/legal_stuff .

If you do not have FTP or web access, send mail to cert@cert.org with

"copyright" in the subject line.

CERT is registered in the U.S. Patent and Trademark Office.


Revision history

Sep. 23, 1997  Updated copyright statement

Aug. 30, 1996  Information previously in the README was inserted

               into the advisory.


Version: PGP for Personal Privacy 5.0

Charset: noconv





(C) 1999-2000 All rights reserved.