[7567] in bugtraq
Re: irix-6.2 "at -f" vulnerability
daemon@ATHENA.MIT.EDU (Ben Sapp)
Fri Aug 7 17:42:18 1998
Date: Thu, 6 Aug 1998 16:43:54 -0600
Reply-To: Ben Sapp <bsapp@NUA.LAMPF.LANL.GOV>
From: Ben Sapp <bsapp@NUA.LAMPF.LANL.GOV>
X-To: Richard Johnson <rdump@RIVER.COM>
To: BUGTRAQ@NETSPACE.ORG
In-Reply-To: Richard Johnson <rdump@RIVER.COM> "irix-6.2 "at -f"
vulnerability" (Aug 5, 6:24am)
I have IRIX 6.4,6.2 and 5.3. Only one system was vulnerable and that was
because I had not installed the reccomended patch set. Go to
"http://support.sgi.com:80/surfzone/patches/patchset/index.html" to get the
current patch sets. To do so will requre a surfzone membership. It is also
noteworthy that I do not have patch 3184 installed on any systems. So some
other patch must fix it as well as patch 3184.
> The irix-6.2 "at -f" vulnerability was mentioned on BUGTRAQ a while back. [1]
> Unfortunately SGI has not issued an advisory on this, nor does it appear
> in their security patches list at www.sgi.com as of Aug 4, although a
> patch *has* been made available.
>
> The patch number is 3184 and those with SGI Surfzone IDs can get it
> by searching for "3184" at SGI's web site. The top-level description
> says it is for 6.4, but the patch README mentions 6.2 bugs which are
> patched.
> -------
>
> [1] <http://www.geek-girl.com/bugtraq/1998_3/0042.html>
> <http://www.geek-girl.com/bugtraq/1998_2/0626.html>
>-- End of excerpt from Richard Johnson
