[security] Security Advisories

Lorenzo Iannuzzi nakis a libero.it
Dom 4 Apr 2004 00:30:12 CEST


http://www.sgi.com/support/security/

AtStake and CERT reported a network device driver vulnerability
called EtherLeak:


http://www.atstake.com/research/advisories/2003/atstake_etherleak_report.pdf
 http://www.kb.cert.org/vuls/id/412115
 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2003-0001

The gXX and tgXX gigabit network interfaces, and efXX network interface
on
SGI systems are not vulnerable to this issue.

However, older SGI network interfaces are potentially vulnerable, but
they are in legacy support mode with no new fixes/patches provided.

It has been reported thru various channel that there are several
security issues affecting ftpd on IRIX.

 * win2k -> irix ftpd hangs indefinitely on link failure (SGI BUG
893718)
 * ftpd DoS possible involving PORT mode                 (SGI BUG
899364)
 * ftpd's ftp_syslog() doesn't work with anonymous FTP   (SGI BUG
909172)
-- 

Ciao e alla prossima!
Lorenzo
-------------- parte successiva --------------
Un allegato non testuale  stato rimosso....
Nome:        non disponibile
Tipo:        application/pgp-signature
Dimensione:  244 bytes
Descrizione: non disponibile
Url:         http://itlists.org/pipermail/security/attachments/20040404/628193f7/attachment.pgp 


Maggiori informazioni sulla lista security