[7632] in bugtraq
Re: irix-6.2 "at -f" vulnerability
daemon@ATHENA.MIT.EDU (John R. Vanderpool)
Wed Aug 12 16:47:10 1998
Date: Wed, 12 Aug 1998 13:36:25 -0400
Reply-To: "John R. Vanderpool" <fish@DAACDEV1.GSFC.NASA.GOV>
From: "John R. Vanderpool" <fish@DAACDEV1.GSFC.NASA.GOV>
To: BUGTRAQ@NETSPACE.ORG
> This deserves passing on. SGI has a patch for the problem, but apparently
> hasn't publicized the details.
typical of them for the most part
> -------
> Subject: irix-6.2 "at -f" vulnerability
>
> The irix-6.2 "at -f" vulnerability was mentioned on BUGTRAQ a while back. [1]
> Unfortunately SGI has not issued an advisory on this, nor does it appear
> in their security patches list at www.sgi.com as of Aug 4, although a
> patch *has* been made available.
>
> The patch number is 3184 and those with SGI Surfzone IDs can get it
> by searching for "3184" at SGI's web site. The top-level description
> says it is for 6.4, but the patch README mentions 6.2 bugs which are
> patched.
> -------
for irix 6.2 the patch is 2866 or its current successor 3182 (buried in what
is called a "commands patch + y2k"
fish
--
"it's so easy to slip, it's so easy to fall,
and let your memory drift and do nothing at all..." -lowell george
John R. Vanderpool <fish@daacdev1.gsfc.nasa.gov> NASA/GSFC/RSTX
