Re: irix-6.2 "at -f" vulnerability

From: Michael S Kluskens (kluskensat_private)
Date: Wed Aug 12 1998 - 15:13:47 PDT

Next message: Paul Leach: "Re: Apache DoS Attack"

Previous message: Dag-Erling Coidan Smørgrav: "Re: Apache DoS Attack"
Maybe in reply to: Richard Johnson: "irix-6.2 "at -f" vulnerability"
Next in thread: Liam O. Forbes: "Re: irix-6.2 "at -f" vulnerability"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

>> -------
>> Subject: irix-6.2 "at -f" vulnerability
>>
>> The irix-6.2 "at -f" vulnerability was mentioned on BUGTRAQ a while
>>back. [1]
>> Unfortunately SGI has not issued an advisory on this, nor does it appear
>> in their security patches list at www.sgi.com as of Aug 4, although a
>> patch *has* been made available.
>>
>> The patch number is 3184 and those with SGI Surfzone IDs can get it
>> by searching for "3184" at SGI's web site.  The top-level description
>> says it is for 6.4, but the patch README mentions 6.2 bugs which are
>> patched.
>> -------
>
>for irix 6.2 the patch is 2866 or its current successor 3182 (buried in what
>is called a "commands patch  + y2k"
>

On our IRIX 6.2 system patched with 2866, this vulnerability still exists.

Michael

Next message: Paul Leach: "Re: Apache DoS Attack"
Previous message: Dag-Erling Coidan Smørgrav: "Re: Apache DoS Attack"
Maybe in reply to: Richard Johnson: "irix-6.2 "at -f" vulnerability"
Next in thread: Liam O. Forbes: "Re: irix-6.2 "at -f" vulnerability"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

This archive was generated by hypermail 2b30 : Fri Apr 13 2001 - 14:12:23 PDT