IRIX 5.2 Security Advisory

[steve () ecf toronto edu (Steve Kotsopoulos)]

I am cc'ing this update to several mailing lists the advisory has been
forwarded to since last week.

Steve Kotsopoulos <steve () ecf toronto edu> wrote:
> I'm not sure what the vulnerability is, since the sgihelp.books.ViewerHelp
> system doesn't seem to contain anything but data files with normal
> permissions (no setuid programs).
>
> How can the removal of this subsystem affect security?
> Was there a typo in the advisory, perhaps?
>
> If anyone knows, please pass on the information.

Since last Friday, I have found out the following from people at SGI:

: There's no typo. It's correct. I suggest that you do it rather rapidly.

So everyone running IRIX 5.2 is advised to run:

        # versions remove sgihelp.books.ViewerHelp

When I asked for an explanation of the problem, or even a hint:

: If we told you what the problem was, then you might go break into other
: machines. That wouldn't look good for SGI. In fact, 99% of the people
: wouldn't use the info to break into other machines. We just have to
: watch out for that 1%.

After I asked how I could detect if it has been exploited on my system:

: There is no way to know if someone has exploited the bug. It's such
: a quiet little hole that it doesn't leave a mark anywhere. You don't
: even have to logon to exploit it. That's how bad it is.

I have also been told by another SGI customer that SGI's Technical
Assistance Center hasn't been told what the problem is.

Corrections and updates to the above information is encouraged.

        Steve