Hmm jo ich könnte wenns was werden soll mit der neuen Rubrik immer das Aktuellste pasten, da ich immer per Mail vom SGI Security Coordinator die Security Holes in IRIX reinbekomme, weiss zwar auch nicht warum aber, naja
Würde dann in etwa so aussehen:
______________________________________________________________________________
SGI Security Advisory
Title : Buffer Overrun Vulnerability in /sbin/ps
Number : 20030202-01-I
Date : February 26, 2003
Reference: CVE-1999-0301
Reference: SGI BUG 696723
Fixed in : IRIX 6.5.5 or later
______________________________________________________________________________
- -----------------------
- --- Issue Specifics ---
- -----------------------
It has been reported that there was a potential buffer overrun vulnerability
in the /sbin/ps program. This could result in a user with a local account
gaining privileged access.
For more information, see:
ftp://ftp.sco.com/pub/updates/OpenUNIX/CSSA-2003-SCO.1.1/CSSA-2003-SCO.1.1.txtand
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-1999-0301SGI has investigated the issue and recommends the following steps for
neutralizing the exposure. It is HIGHLY RECOMMENDED that these measures be
implemented on ALL vulnerable SGI systems.
These issues have been corrected in IRIX 6.5.5 and later.
- --------------
- --- Impact ---
- --------------
The /sbin/ps binary is installed by default on IRIX 6.5 systems as part of
eoe.sw.base.
To determine the version of IRIX you are running, execute the following
command:
# /bin/uname -R
That will return a result similar to the following:
# 6.5 6.5.16f
The first number ("6.5") is the release name, the second ("6.5.16f" in this
case) is the extended release name. The extended release name is the
"version" we refer to throughout this document.
- ----------------------------
- --- Temporary Workaround ---
- ----------------------------
There is no effective workaround available for this problem.
SGI recommends upgrading to IRIX 6.5.5 or later.
- ----------------
- --- Solution ---
- ----------------
SGI has not provided patches for this vulnerability. Our recommendation
is to upgrade to IRIX 6.5.5 or later.
OS Version Vulnerable? Patch # Other Actions
---------- ----------- ------- -------------
IRIX 3.x unknown Note 1
IRIX 4.x unknown Note 1
IRIX 5.x unknown Note 1
IRIX 6.0.x unknown Note 1
IRIX 6.1 unknown Note 1
IRIX 6.2 unknown Note 1
IRIX 6.3 unknown Note 1
IRIX 6.4 unknown Note 1
IRIX 6.5 yes Notes 2 & 3
IRIX 6.5.1 yes Notes 2 & 3
IRIX 6.5.2 yes Notes 2 & 3
IRIX 6.5.3 yes Notes 2 & 3
IRIX 6.5.4 yes Notes 2 & 3
IRIX 6.5.5 no
IRIX 6.5.6 no
IRIX 6.5.7 no
IRIX 6.5.8 no
IRIX 6.5.9 no
IRIX 6.5.10 no
IRIX 6.5.11 no
IRIX 6.5.12 no
IRIX 6.5.13 no
IRIX 6.5.14 no
IRIX 6.5.15 no
IRIX 6.5.16 no
IRIX 6.5.17 no
IRIX 6.5.18 no
NOTES
1) This version of the IRIX operating has been retired. Upgrade to an
actively supported IRIX operating system.
See
http://support.sgi.com/ for more information.
2) If you have not received an IRIX 6.5.X CD for IRIX 6.5, contact your
SGI Support Provider or URL:
http://support.sgi.com/ 3) Upgrade to IRIX 6.5.5 or later