[5105] in bugtraq
comp.sys.sgi.bugs: Re: YET another security alert (sigh)
daemon@ATHENA.MIT.EDU (Forwarded by Kari Hurtta)
Tue Aug 5 11:03:36 1997
Date: Tue, 5 Aug 1997 10:41:37 +0300
Reply-To: hurtta+usenet@OZONE.FMI.FI, art@broomstick.com
From: Forwarded by Kari Hurtta <hurtta+usenet@OZONE.FMI.FI>
To: BUGTRAQ@NETSPACE.ORG
In-Reply-To: <199708040915.MAA11015@ozone.fmi.fi>
From: art@kether.global-one.no (Arthur Hagen)
Subject: Re: YET another security alert (sigh)
Newsgroups: comp.sys.sgi.bugs,comp.sys.sgi.admin
Date: 4 Aug 1997 08:28:01 GMT
Organization: Global One
Reply-To: art@broomstick.com
Message-ID: <yd8n2ngl1tf.fsf@hoshi.engr.sgi.com>
References: <33AB2631.41C6@syntaxgroup.it> <yd8k9iscecm.fsf@hoshi.engr.sgi.com> <5qve9e$ivc$1@naiad.grenet.fr>
Path: kronos.fmi.fi!news.funet.fi!news.eunet.fi!EU.net!Norway.EU.net!uninett.no!news.global-one.no!kether!art
Lines: 20
Message-ID: <5s43qh$gn0$2@bone.global-one.no>
References: <5rrpbr$l88$4@bone.global-one.no> <5rsff3$sj$1@bone.global-one.no>
NNTP-Posting-Host: kether.global-one.no
Xref: kronos.fmi.fi comp.sys.sgi.bugs:3926 comp.sys.sgi.admin:49713

Furthermore on the html/privileges exploit:

Because I think it unlikely there will be a fix to this any time soon,
it would help if people running proxy servers set the servers up to
filter these MIME types:

application/x-sgi-exec exts=edf
application/x-sgi-task exts=tdf

and it probably wouldn't hurt to block the other application/x-sgi-
MIME types too:

type=application/x-sgi-catalog exts=cdf
type=application/x-sgi-glossary exts=gloss
type=application/x-sgi-lpr exts=sgi-lpr

Regards,
--
*Art
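
Added example, not part of the original post and not tied to any particular proxy product: a sketch of the filter decision described above, matching both the listed MIME types and the listed extensions. The function names, the catch-all prefix rule and the example.test URLs are assumptions made for illustration.

```python
import posixpath
from urllib.parse import unquote, urlsplit

# MIME types and extensions exactly as listed in the post.
BLOCKED_TYPES = {
    "application/x-sgi-exec", "application/x-sgi-task",
    "application/x-sgi-catalog", "application/x-sgi-glossary",
    "application/x-sgi-lpr",
}
BLOCKED_EXTS = {"edf", "tdf", "cdf", "gloss", "sgi-lpr"}
FAMILY_PREFIX = "application/x-sgi-"  # covers x-sgi types not listed by name


def normalize_type(content_type):
    """Reduce a Content-Type value to a bare, lowercase type/subtype."""
    return (content_type or "").split(";", 1)[0].strip().lower()


def url_extension(url):
    """Lowercase extension of the URL path; query and fragment are ignored."""
    # Decode percent-escapes first so "job.%74df" is seen as "job.tdf".
    name = posixpath.basename(unquote(urlsplit(url).path))
    return name.rsplit(".", 1)[1].lower() if "." in name else ""


def should_block(url, content_type):
    """Return (blocked, reason) for one proxied response."""
    mtype = normalize_type(content_type)
    if mtype in BLOCKED_TYPES:
        return True, "listed type " + mtype
    if mtype.startswith(FAMILY_PREFIX):
        return True, "unlisted x-sgi type " + mtype
    # Assumption: a server may mislabel the file, so the extension is checked too.
    ext = url_extension(url)
    if ext in BLOCKED_EXTS:
        return True, "listed extension ." + ext
    return False, ""


if __name__ == "__main__":
    # Constructed sample responses (URL, Content-Type header).
    samples = [
        ("http://example.test/index.html", "text/html"),
        ("http://example.test/run", "Application/X-SGI-Exec; charset=us-ascii"),
        ("http://example.test/job.%74df?x=1", "application/octet-stream"),
    ]
    for url, ctype in samples:
        print(url, ctype, should_block(url, ctype))
```

Matching on the header alone misses a file served under a generic type, which is why the extension check runs after the type check rather than instead of it.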