[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

IRIX Networking Security Updates



                          SGI Security Advisory

 Title:      IRIX Networking Security Updates
 Number:     20050502-01-P
 Date:       May 5, 2004
 Reference:  SGI BUGS 904229, 902072, 901074, 897764, 897747, 894910,
                      890567, 871383, 773203
 Fixed in:   Patches 5454, 5461, 5437, 5466, 5451, 5440, 5415, 5416 and 5510
 Fixed in:   Driver Patches 5509 (.22) and 5513 (.20/.21)

SGI provides this information freely to the SGI user community for its
consideration, interpretation, implementation and use.   SGI recommends
that this information be acted upon as soon as possible.

SGI provides the information in this Security Advisory on an "AS-IS"
basis only, and disclaims all warranties with respect thereto, express,
implied or otherwise, including, without limitation, any warranty of
merchantability or fitness for a particular purpose.  In no event shall
SGI be liable for any loss of profits, loss of business, loss of data or
for any indirect, special, exemplary, incidental or consequential
damages of any kind arising from your use of, failure to use or improper
use of any of the instructions or information in this Security Advisory.

- -----------------------
- --- Issue Specifics ---
- -----------------------

It has been reported thru various channel that there are several
security issues affecting IRIX networking.

 * various fixes to mitigate the non-network consequences of
   extreme UDP/interrupt DoS attacks (SGI BUG 773203, 897764)

 * blocking SYN+FIN and illogical TCP flags combos from achieving
   3-way handshake                   (SGI BUG 871383)

 * ifconfig "-arp" argument does not disable arp requests being
   sent or received                  (SGI BUG 890567)

 * arp DOS vulnerability             (SGI BUG 902072)

These patches also contain non-security fixes. Note that on IRIX 6.5.20
thru IRIX 6.5.22 two patches are required. Both patches MUST be
installed together or system instability could occur.

SGI has investigated the issue and recommends the following steps for
neutralizing the exposure.  It is HIGHLY RECOMMENDED that these measures
be implemented on ALL vulnerable SGI systems.  This issue has been
corrected in future releases of IRIX.

- --------------
- --- Impact ---
- --------------

To determine the version of IRIX you are running, execute the following

  # /bin/uname -R

That will return a result similar to the following:

  # 6.5 6.5.21f

The first number ("6.5") is the release name, the second ("6.5.21f" in
this case) is the extended release name.  The extended release name
is the "version" we refer to throughout this document.

- ----------------
- --- Solution ---
- ----------------

SGI has provided a series of patches for these vulnerabilities. Our
recommendation is to upgrade to IRIX 6.5.23, or install the appropriate

OS Version     Vulnerable?     Patch #      Other Actions
- ----------     -----------     -------      -------------
IRIX 3.x        unknown                     Note 1
IRIX 4.x        unknown                     Note 1
IRIX 5.x        unknown                     Note 1
IRIX 6.0.x      unknown                     Note 1
IRIX 6.1        unknown                     Note 1
IRIX 6.2        unknown                     Note 1
IRIX 6.3        unknown                     Note 1
IRIX 6.4        unknown                     Note 1
IRIX 6.5          yes                       Note 1
IRIX 6.5.1        yes                       Note 1
IRIX 6.5.2        yes                       Note 1
IRIX 6.5.3        yes                       Note 1
IRIX 6.5.4        yes                       Note 1
IRIX 6.5.5        yes                       Note 1
IRIX 6.5.6        yes                       Note 1
IRIX 6.5.7        yes                       Note 1
IRIX 6.5.8        yes                       Note 1
IRIX 6.5.9        yes                       Note 1
IRIX 6.5.10       yes                       Note 1
IRIX 6.5.11       yes                       Note 1
IRIX 6.5.12       yes                       Note 1
IRIX 6.5.13       yes                       Note 1
IRIX 6.5.14       yes                       Note 1
IRIX 6.5.15       yes                       Note 1
IRIX 6.5.16       yes                       Note 1
IRIX 6.5.17m      yes                       Note 1
IRIX 6.5.17f      yes                       Note 1
IRIX 6.5.18m      yes            5454       Notes 2 & 3
IRIX 6.5.18f      yes            5461       Notes 2 & 3
IRIX 6.5.19m      yes            5437       Notes 2 & 3
IRIX 6.5.19f      yes            5466       Notes 2 & 3
IRIX 6.5.20m      yes         5510 & 5513   Notes 2 & 3 (Install both patches)
IRIX 6.5.20f      yes         5440 & 5513   Notes 2 & 3 (Install both patches)
IRIX 6.5.21m      yes         5415 & 5513   Notes 2 & 3 (Install both patches)
IRIX 6.5.21f      yes         5416 & 5513   Notes 2 & 3 (Install both patches)
IRIX 6.5.22m      yes         5469 & 5509   Notes 2 & 3 (Install both patches)


     1) This version of the IRIX operating has been retired or no
        longer actively supported.  Upgrade to an actively supported
        IRIX operating system.  See http://support.sgi.com for
        more information.

     2) If you have not received an IRIX 6.5.X CD for IRIX 6.5, contact
        your SGI Support Provider or URL: http://support.sgi.com

     3) Install the required patch(es) based on your operating release.
        Note that on IRIX 6.5.20 thru IRIX 6.5.22 two patches are required.
        Both patches MUST be installed in order to prevent system instability.

                ##### Patch File Checksums ####

The actual patch will be a tar file containing the following files:
Filename:                 README.patch.5415
Algorithm #1 (sum -r):    47284 9 README.patch.5415
Algorithm #2 (sum):       27264 9 README.patch.5415
MD5 checksum:             D5D46C91056B7DD35F4112134CEACA35

Filename:                 patchSG0005415
Algorithm #1 (sum -r):    28908 4 patchSG0005415
Algorithm #2 (sum):       58155 4 patchSG0005415
MD5 checksum:             10ED9CCEAF8A2F50EE1B22B6B0A76846

Filename:                 patchSG0005415.FDDIXPress_sw
Algorithm #1 (sum -r):    33783 1218 patchSG0005415.FDDIXPress_sw
Algorithm #2 (sum):       3050 1218 patchSG0005415.FDDIXPress_sw
MD5 checksum:             1A759D9AE02A93E416264065B5A497DD

Filename:                 patchSG0005415.eoe_sw
Algorithm #1 (sum -r):    14641 16403 patchSG0005415.eoe_sw
Algorithm #2 (sum):       55901 16403 patchSG0005415.eoe_sw
MD5 checksum:             779D40D1325A016055D272920E780CBF

Filename:                 patchSG0005415.idb
Algorithm #1 (sum -r):    23494 34 patchSG0005415.idb
Algorithm #2 (sum):       44844 34 patchSG0005415.idb
MD5 checksum:             EA7F8B6962E7BDEB9C38AD048C346E1E

Filename:                 README.patch.5416
Algorithm #1 (sum -r):    58977 9 README.patch.5416
Algorithm #2 (sum):       29248 9 README.patch.5416
MD5 checksum:             99EA2CBA3A2BA355CD3ECED766ED4C4B

Filename:                 patchSG0005416
Algorithm #1 (sum -r):    20741 4 patchSG0005416
Algorithm #2 (sum):       1355 4 patchSG0005416
MD5 checksum:             708306456E4FA752453282DAE3EBDEF4

Filename:                 patchSG0005416.FDDIXPress_sw
Algorithm #1 (sum -r):    03290 1219 patchSG0005416.FDDIXPress_sw
Algorithm #2 (sum):       24824 1219 patchSG0005416.FDDIXPress_sw
MD5 checksum:             3EFA63D7ABE80B15EFCA185D87CBF9D9

Filename:                 patchSG0005416.eoe_sw
Algorithm #1 (sum -r):    52293 16481 patchSG0005416.eoe_sw
Algorithm #2 (sum):       46042 16481 patchSG0005416.eoe_sw
MD5 checksum:             07A38D569FBD2F7D00FD54EA1F15FC14

Filename:                 patchSG0005416.idb
Algorithm #1 (sum -r):    09579 33 patchSG0005416.idb
Algorithm #2 (sum):       29569 33 patchSG0005416.idb
MD5 checksum:             3F4EB05871F44A876B2033F73523DD24

Filename:                 README.patch.5437
Algorithm #1 (sum -r):    52080 24 README.patch.5437
Algorithm #2 (sum):       53060 24 README.patch.5437
MD5 checksum:             E918B74A4D4D1C6F700EC88D8863CD4A

Filename:                 patchSG0005437
Algorithm #1 (sum -r):    21163 19 patchSG0005437
Algorithm #2 (sum):       54279 19 patchSG0005437
MD5 checksum:             832CF9C53F309BE50E2B9268A27E1EB6

Filename:                 patchSG0005437.FDDIXPress_sw
Algorithm #1 (sum -r):    03740 1138 patchSG0005437.FDDIXPress_sw
Algorithm #2 (sum):       45855 1138 patchSG0005437.FDDIXPress_sw
MD5 checksum:             40340AC14D7F65D1BD251794D046BA9E

Filename:                 patchSG0005437.eoe_man
Algorithm #1 (sum -r):    58730 28 patchSG0005437.eoe_man
Algorithm #2 (sum):       53579 28 patchSG0005437.eoe_man
MD5 checksum:             C45CFA5847A4A277933B66E7BC75270B

Filename:                 patchSG0005437.eoe_sw
Algorithm #1 (sum -r):    64543 27889 patchSG0005437.eoe_sw
Algorithm #2 (sum):       34011 27889 patchSG0005437.eoe_sw
MD5 checksum:             6C6CBA804E02106615328DB118541833

Filename:                 patchSG0005437.idb
Algorithm #1 (sum -r):    45681 61 patchSG0005437.idb
Algorithm #2 (sum):       42789 61 patchSG0005437.idb
MD5 checksum:             A6A80D11E34544E2E045B19E21ECDB16

Filename:                 README.patch.5440
Algorithm #1 (sum -r):    22500 9 README.patch.5440
Algorithm #2 (sum):       35714 9 README.patch.5440
MD5 checksum:             E0A5D89FA413724275A94B1E48CC0ADC

Filename:                 patchSG0005440
Algorithm #1 (sum -r):    13783 6 patchSG0005440
Algorithm #2 (sum):       53102 6 patchSG0005440
MD5 checksum:             4CC7134B5B90217D3EB06694EB99E585

Filename:                 patchSG0005440.FDDIXPress_sw
Algorithm #1 (sum -r):    40263 1139 patchSG0005440.FDDIXPress_sw
Algorithm #2 (sum):       16078 1139 patchSG0005440.FDDIXPress_sw
MD5 checksum:             B112C8B2BE09336795426E9C8F8DDD31

Filename:                 patchSG0005440.eoe_sw
Algorithm #1 (sum -r):    02270 17123 patchSG0005440.eoe_sw
Algorithm #2 (sum):       31539 17123 patchSG0005440.eoe_sw
MD5 checksum:             FF4646C97342D46E0D1506D4600CE9D7

Filename:                 patchSG0005440.idb
Algorithm #1 (sum -r):    10128 37 patchSG0005440.idb
Algorithm #2 (sum):       41515 37 patchSG0005440.idb
MD5 checksum:             73CB79C3BE81D9EDDB18C29C0E7AB144

Filename:                 README.patch.5454
Algorithm #1 (sum -r):    02122 11 README.patch.5454
Algorithm #2 (sum):       40784 11 README.patch.5454
MD5 checksum:             DA881B4ACAB0C05B0448E648E6ACB252

Filename:                 patchSG0005454
Algorithm #1 (sum -r):    19312 7 patchSG0005454
Algorithm #2 (sum):       19255 7 patchSG0005454
MD5 checksum:             3ECE411C1A68956ED2C89489FA1C6604

Filename:                 patchSG0005454.FDDIXPress_sw
Algorithm #1 (sum -r):    51190 1125 patchSG0005454.FDDIXPress_sw
Algorithm #2 (sum):       43752 1125 patchSG0005454.FDDIXPress_sw
MD5 checksum:             22F85FDE098110116750C569537DB7FB

Filename:                 patchSG0005454.eoe_man
Algorithm #1 (sum -r):    15635 35 patchSG0005454.eoe_man
Algorithm #2 (sum):       37598 35 patchSG0005454.eoe_man
MD5 checksum:             81881EB5EB78CC451918D5F2C97E8E21

Filename:                 patchSG0005454.eoe_sw
Algorithm #1 (sum -r):    12960 11623 patchSG0005454.eoe_sw
Algorithm #2 (sum):       41713 11623 patchSG0005454.eoe_sw
MD5 checksum:             71CD304499F9B58B881CF422881B8E02

Filename:                 patchSG0005454.idb
Algorithm #1 (sum -r):    33342 29 patchSG0005454.idb
Algorithm #2 (sum):       63712 29 patchSG0005454.idb
MD5 checksum:             EB226CDA37C59DA899BEB33D439BC525

Filename:                 README.patch.5461
Algorithm #1 (sum -r):    44664 11 README.patch.5461
Algorithm #2 (sum):       41100 11 README.patch.5461
MD5 checksum:             C162662C9CFDFB8BF20A5A44459852C5

Filename:                 patchSG0005461
Algorithm #1 (sum -r):    56460 7 patchSG0005461
Algorithm #2 (sum):       24631 7 patchSG0005461
MD5 checksum:             092DEAF6F065C0FD3CBAAE3190D4C80A

Filename:                 patchSG0005461.FDDIXPress_sw
Algorithm #1 (sum -r):    57160 1125 patchSG0005461.FDDIXPress_sw
Algorithm #2 (sum):       49421 1125 patchSG0005461.FDDIXPress_sw
MD5 checksum:             437F21961AD86E075A5160931D883448

Filename:                 patchSG0005461.eoe_man
Algorithm #1 (sum -r):    33021 35 patchSG0005461.eoe_man
Algorithm #2 (sum):       36557 35 patchSG0005461.eoe_man
MD5 checksum:             025102308750118FA54B8F63450A660A

Filename:                 patchSG0005461.eoe_sw
Algorithm #1 (sum -r):    09152 11675 patchSG0005461.eoe_sw
Algorithm #2 (sum):       29376 11675 patchSG0005461.eoe_sw
MD5 checksum:             79A4ADCD2BE0C8160DA7E40C60645981

Filename:                 patchSG0005461.idb
Algorithm #1 (sum -r):    26372 29 patchSG0005461.idb
Algorithm #2 (sum):       63859 29 patchSG0005461.idb
MD5 checksum:             8C33E7C894406C01B2BAD654EA271651

Filename:                 README.patch.5466
Algorithm #1 (sum -r):    34985 9 README.patch.5466
Algorithm #2 (sum):       32825 9 README.patch.5466
MD5 checksum:             B09537F37B167AB9C40F41B6632E2ECC

Filename:                 patchSG0005466
Algorithm #1 (sum -r):    09282 4 patchSG0005466
Algorithm #2 (sum):       62186 4 patchSG0005466
MD5 checksum:             7932D50B86660B5428EE6C10E11E5F0D

Filename:                 patchSG0005466.FDDIXPress_sw
Algorithm #1 (sum -r):    13190 1140 patchSG0005466.FDDIXPress_sw
Algorithm #2 (sum):       38306 1140 patchSG0005466.FDDIXPress_sw
MD5 checksum:             80F675A5F37A48CC9F49198F396E10B4

Filename:                 patchSG0005466.eoe_man
Algorithm #1 (sum -r):    59551 37 patchSG0005466.eoe_man
Algorithm #2 (sum):       9081 37 patchSG0005466.eoe_man
MD5 checksum:             714EBB9A389CF01D13C2D34B3602BE9C

Filename:                 patchSG0005466.eoe_sw
Algorithm #1 (sum -r):    12363 16227 patchSG0005466.eoe_sw
Algorithm #2 (sum):       29500 16227 patchSG0005466.eoe_sw
MD5 checksum:             1BD3F84EE81B6FF4FB4B8A9BD7D941F0

Filename:                 patchSG0005466.idb
Algorithm #1 (sum -r):    64946 33 patchSG0005466.idb
Algorithm #2 (sum):       25171 33 patchSG0005466.idb
MD5 checksum:             1F9D5AAA5A86CE80C5FA98C5F15A137E

Filename:                 README.patch.5469
Algorithm #1 (sum -r):    27693 8 README.patch.5469
Algorithm #2 (sum):       52602 8 README.patch.5469
MD5 checksum:             1A470F7C4CD02632FC7132689736DE50

Filename:                 patchSG0005469
Algorithm #1 (sum -r):    22703 3 patchSG0005469
Algorithm #2 (sum):       22023 3 patchSG0005469
MD5 checksum:             7104A2BBADAE8F3BBE86005705F93FF7

Filename:                 patchSG0005469.eoe_sw
Algorithm #1 (sum -r):    02541 12265 patchSG0005469.eoe_sw
Algorithm #2 (sum):       20357 12265 patchSG0005469.eoe_sw
MD5 checksum:             05B873EC13C489250F06A88C153D3AA6

Filename:                 patchSG0005469.idb
Algorithm #1 (sum -r):    27661 19 patchSG0005469.idb
Algorithm #2 (sum):       49603 19 patchSG0005469.idb
MD5 checksum:             31C2B092A3995DC3BC857DA15D3D2E51

Filename:                 README.patch.5509
Algorithm #1 (sum -r):    21540 9 README.patch.5509
Algorithm #2 (sum):       22223 9 README.patch.5509
MD5 checksum:             6E0FB5AEF9F6597240F47483B4D799F2

Filename:                 patchSG0005509
Algorithm #1 (sum -r):    10924 3 patchSG0005509
Algorithm #2 (sum):       15069 3 patchSG0005509
MD5 checksum:             08CFFAD7346E5EF2D5DF1CF65876C5A8

Filename:                 patchSG0005509.eoe_man
Algorithm #1 (sum -r):    48534 3 patchSG0005509.eoe_man
Algorithm #2 (sum):       5221 3 patchSG0005509.eoe_man
MD5 checksum:             0B40F03D4E1CC7E0608BD6EC8C3A440F

Filename:                 patchSG0005509.eoe_sw
Algorithm #1 (sum -r):    19486 1024 patchSG0005509.eoe_sw
Algorithm #2 (sum):       23814 1024 patchSG0005509.eoe_sw
MD5 checksum:             FA6146A571ADD077359796E39B658D23

Filename:                 patchSG0005509.idb
Algorithm #1 (sum -r):    04913 6 patchSG0005509.idb
Algorithm #2 (sum):       34998 6 patchSG0005509.idb
MD5 checksum:             C35D7D42F038C84686B2A270DED56381

Filename:                 README.patch.5510
Algorithm #1 (sum -r):    19615 9 README.patch.5510
Algorithm #2 (sum):       31698 9 README.patch.5510
MD5 checksum:             5AB49EA1AB200DDDFE84B57B7E325E70

Filename:                 patchSG0005510
Algorithm #1 (sum -r):    29707 4 patchSG0005510
Algorithm #2 (sum):       4481 4 patchSG0005510
MD5 checksum:             24EDC959F36DF0A7A168603C9C988902

Filename:                 patchSG0005510.FDDIXPress_sw
Algorithm #1 (sum -r):    41438 1219 patchSG0005510.FDDIXPress_sw
Algorithm #2 (sum):       47756 1219 patchSG0005510.FDDIXPress_sw
MD5 checksum:             C004BBB41698999AD65DC968DBCB6D3C

Filename:                 patchSG0005510.eoe_sw
Algorithm #1 (sum -r):    06185 15992 patchSG0005510.eoe_sw
Algorithm #2 (sum):       11762 15992 patchSG0005510.eoe_sw
MD5 checksum:             B4572DE7EE85143DFD4CF8DED2294017

Filename:                 patchSG0005510.idb
Algorithm #1 (sum -r):    17927 33 patchSG0005510.idb
Algorithm #2 (sum):       32020 33 patchSG0005510.idb
MD5 checksum:             361E9188804A5B72045FCBE85ECDEE93

Filename:                 README.patch.5513
Algorithm #1 (sum -r):    57969 15 README.patch.5513
Algorithm #2 (sum):       42448 15 README.patch.5513
MD5 checksum:             49DDE63A5628196E5FECB5ADFD740960

Filename:                 patchSG0005513
Algorithm #1 (sum -r):    52502 2 patchSG0005513
Algorithm #2 (sum):       55340 2 patchSG0005513
MD5 checksum:             0C0ED134B2EC6986A16C203E298A2A9A

Filename:                 patchSG0005513.eoe_sw
Algorithm #1 (sum -r):    43778 1026 patchSG0005513.eoe_sw
Algorithm #2 (sum):       53850 1026 patchSG0005513.eoe_sw
MD5 checksum:             18EE48A63D748F9321AA692D6FD08840

Filename:                 patchSG0005513.idb
Algorithm #1 (sum -r):    31581 7 patchSG0005513.idb
Algorithm #2 (sum):       49801 7 patchSG0005513.idb
MD5 checksum:             989CBAE1FF6EEF9E900B4665A6E99DF0

- ------------------------
- --- Acknowledgments ----
- ------------------------

SGI wishes to thank the FreeBSD security folks, MIT Lincoln Labs, Lockheed
Martin, Iowa State, and Paul Starzetz for their assistance in this matter.

- -------------
- --- Links ---
- -------------

Patches are available via the web, anonymous FTP and from your SGI
service/support provider.

SGI Security Advisories can be found at:
http://www.sgi.com/support/security/ and

SGI Security Patches can be found at:
http://www.sgi.com/support/security/ and

SGI Security Patches can be found at:
http://www.sgi.com/support/security/ and

SGI patches for IRIX can be found at the following patch servers:
http://support.sgi.com/ and ftp://patches.sgi.com/

SGI freeware updates for IRIX can be found at:

SGI fixes for SGI open sourced code can be found on:

SGI patches and RPMs for Linux can be found at:
http://support.sgi.com/ or

SGI patches for Windows NT or 2000 can be found at:

IRIX 5.2-6.4 Recommended/Required Patch Sets can be found at:
http://support.sgi.com/ and ftp://patches.sgi.com/support/patchset/

IRIX 6.5 Maintenance Release Streams can be found at:

IRIX 6.5 Software Update CDs can be obtained from:

The primary SGI anonymous FTP site for security advisories and patches
is patches.sgi.com (  Security advisories and patches
are located under the URL ftp://patches.sgi.com/support/free/security/

For security and patch management reasons, ftp.sgi.com (mirrors
patches.sgi.com security FTP repository) lags behind and does not
do a real-time update.

- -----------------------------------------
- --- SGI Security Information/Contacts ---
- -----------------------------------------

If there are questions about this document, email can be sent to


SGI provides security information and patches for use by the entire SGI
community.  This information is freely available to any person needing
the information and is available via anonymous FTP and the Web.

The primary SGI anonymous FTP site for security advisories and patches
is patches.sgi.com (  Security advisories and patches
are located under the URL ftp://patches.sgi.com/support/free/security/

The SGI Security Headquarters Web page is accessible at the URL:

For issues with the patches on the FTP sites, email can be sent to

For assistance obtaining or working with security patches, please
contact your SGI support provider.


SGI provides a free security mailing list service called wiretap and
encourages interested parties to self-subscribe to receive (via email)
all SGI Security Advisories when they are released. Subscribing to the
mailing list can be done via the Web
or by sending email to SGI as outlined below.

% mail wiretap-request@xxxxxxx
subscribe wiretap <YourEmailAddress such as midwatch@xxxxxxx >

In the example above, <YourEmailAddress> is the email address that you
wish the mailing list information sent to.  The word end must be on a
separate line to indicate the end of the body of the message. The
control-d (^d) is used to indicate to the mail program that you are
finished composing the mail message.


SGI provides a comprehensive customer World Wide Web site. This site is
located at http://www.sgi.com/support/security/ .


If there are general security questions on SGI systems, email can be
sent to security-info@xxxxxxxx

For reporting *NEW* SGI security issues, email can be sent to
security-alert@xxxxxxx or contact your SGI support provider.  A
support contract is not required for submitting a security report.


      This information is provided freely to all interested parties
      and may be redistributed provided that it is not altered in any
      way, SGI is appropriately credited and the document retains and
      includes its valid PGP signature.

Version: 2.6.2
