Specifications
SAFER – Vol. 3, Issue 6 33 © 2000 The Relay Group
SGI Security Advisory 20000501-01-P: Vulnerability in infosrch.cgi
Released May 22, 2000
Affects IRIX 6.5-6.5.7
Reference http://www.sgi.com/
Problem
- The Infosearch(1) subsystem is used to search and browse virtually all SGI on-line documentation.
infosrch.cgi(1) is a program that allows access to infosearch(1) through the HTTP web server
that is installed by default on port 80.
- Unfortunately, a vulnerability has been discovered in infosrch.cgi(1) which could allow any remote
user to view files on the vulnerable system with the privileges of the user "nobody".
SAFER
- Patches are available.
Microsoft Security Bulletin (MS00-029)
Released May 19, 2000
Affects Microsoft Windows 95, 98, NT4.0, 2000
Reference http://www.microsoft.com/technet/security/bulletin/fq00-029.asp
Problem
- The affected systems contain a flaw in the code that performs IP fragment reassembly. If a
continuous stream of fragmented IP datagrams with a particular malformation were sent to an
affected machine, it could be made to devote most or all of its CPU availability to processing them.
The data rate needed to completely deny service varies depending on the machine and network
conditions, but in most cases even relatively moderate rates would suffice.
- The vulnerability would not allow a malicious user to compromise data on the machine or usurp
administrative control over it. Although it has been reported that the attack in some cases will
cause an affected machine to crash, affected machines in all Microsoft testing returned to normal
service shortly after the fragments stopped arriving. Machines protected by a proxy server or a
firewall that drops fragmented packets would not be affected by this vulnerability. The machines
most likely to be affected by this vulnerability would be machines located on the edge of a network
such as web servers or proxy servers.
SAFER
- Microsoft has released a patch.
IBM Security Advisory ERS-OAR-E01-2000:087.1
Released May 19, 2000
Affects IBM AIX versions 3.2.x, 4.1.x, 4.2.x, 4.3.x
Reference http://techsupport.services.ibm.com/
Problem
- Local users could gain write access to some files on local or remotely mounted AIX filesystems,
even though the file permissions do not allow write access. This vulnerability was discovered in
the IBM laboratory during analysis of filesystem behavior and is not exposed during normal system
operation.
- A local user could gain write access to some files on local or remotely mounted AIX filesystems,
even though the file permissions do not allow write access.
SAFER
- IBM has released patches.