TUCoPS :: SGI :: ciaci060.txt

SGI Irix Osf Dce Denial Of Service



                       The U.S. Department of Energy
                    Computer Incident Advisory Capability
                           ___  __ __    _     ___
                          /       |     /_\   /
                          \___  __|__  /   \  \___

                             INFORMATION BULLETIN

                SGI IRIX OSF/DCE Denial of Service Vulnerability

June 17, 1998 20:00 GMT                                           Number I-060
PROBLEM:       A vulnerability has been identified in the Distributed
               Computing Environment (DCE) security deamon (secd).
PLATFORM:      IRIX 5.3, 6.2, 6.3, and 6.4 if OSF/DCE has been installed.
DAMAGE:        Vulnerable to denial of service attacks.
SOLUTION:      Upgrade to OSF/DCE &DFS 1.1C or install patches.
VULNERABILITY  Silicon Graphics Inc. has investigated the issue and recommends
ASSESSMENT:    the following steps for neutralizing the exposure. It is HIGHLY
               RECOMMENDED that these measures be implemented on ALL
               vulnerable SGI systems.

[ Start Silicon Graphics Inc. Advisory ]


                Silicon Graphics Inc. Security Advisory

        Title:   OSF/DCE Denial of Service Attack
        Title:   CERT VB-97.12
        Number:  19980601-01-PX
        Date:    June, 16 1998

Silicon Graphics provides this information freely to the SGI user community
for its consideration, interpretation, implementation and use.   Silicon
Graphics recommends that this information be acted upon as soon as possible.

Silicon Graphics provides the information in this Security Advisory on
an "AS-IS" basis only, and disclaims all warranties with respect thereto,
express, implied or otherwise, including, without limitation, any warranty
of merchantability or fitness for a particular purpose.  In no event shall
Silicon Graphics be liable for any loss of profits, loss of business, loss
of data or for any indirect, special, exemplary, incidental or consequential
damages of any kind arising from your use of, failure to use or improper
use of any of the instructions or information in this Security Advisory.

- ------------------------
- ---- Issue Specifics ---
- ------------------------

The Open Group has released an advisory via CERT concerning a buffer overflow
which has been discovered with Distributed Computing Environment (DCE)
security demon (secd) causing it core dump and no longer accept connections.

Silicon Graphic's implementation of OSF/DCE is vulnerable to this denial of
service attack.

Silicon Graphics Inc. has investigated the issue and recommends the
following steps for neutralizing the exposure.  It is HIGHLY RECOMMENDED
that these measures be implemented on ALL vulnerable SGI systems.

This issue will be corrected in future releases of Silicon Graphic's OSF/DCE

- ---------------
- ---- Impact ---
- ---------------

Any Silicon Graphics System that has purchased OSF/DCE and installed it on
IRIX 5.3, 6.2, 6.3 or 6.4, is vulnerable to this denial of service attack.

The denial of service attack can be performed locally and remotely and without
the use of a local account on the system.

Information on the denial of service attack has been posted as a CERT Vendor
Bulletin from the Open Group and can be found at:


- -----------------
- ---- Solution ---
- -----------------

Upgrade to OSF/DCE & DFS 1.1C and install the following patches from the
December 1997 or later Recommended/Required Patch Set:

   OS Version     Vulnerable?     Patch #      Other Actions
   ----------     -----------     -------      -------------

   IRIX 3.x          no
   IRIX 4.x          no
   IRIX 5.0.x        no
   IRIX 5.1.x        no
   IRIX 5.2          no
   IRIX 5.3          yes         not avail     see Note 1
   IRIX 6.0.x        no
   IRIX 6.1          no
   IRIX 6.2          yes        2678 or 2679   see Note 2
   IRIX 6.3          yes        2680 or 2681   see Note 2
   IRIX 6.4          yes        2682 or 2683   see Note 2


     1) Upgrade operating system.

     2) Patches 2679, 2681 and 2683 are for the U.S. domestic version of
        OSF/DCE & DFS 1.1C and are not available from the standard SGI patch
        sources because they include strong encryption which cannot be
        outside of the United States without authorization.  All U.S.
        who have purchased Silicon Graphic's U.S. domestic implementation of
        the OSF/DCE & DFS 1.1C should have received an SGI patch CD which
        contains these restricted patches. Please contact your U.S. SGI
        provider if you have not received this patch CD:

        SC4-DCEDOM-1.1C   DCE Domestic Security Module 1.1C Patch CD

Patches are available via anonymous FTP and your service/support provider.

The SGI anonymous FTP site is sgigate.sgi.com ( or its
mirror, ftp.sgi.com.   Security information and patches can be found
in the ~ftp/security and ~ftp/patches directories, respectfully.

                 ##### Patch File Checksums ####

The actual patch will be a tar file containing the following files:

Filename:                 README.patch.2678
Algorithm #1 (sum -r):    03340 18 README.patch.2678
Algorithm #2 (sum):       44196 18 README.patch.2678
MD5 checksum:             3925265EE23DEACDD2421F1B332D6138

Filename:                 patchSG0002678
Algorithm #1 (sum -r):    29356 8 patchSG0002678
Algorithm #2 (sum):       28887 8 patchSG0002678
MD5 checksum:             8F70D3A0A297F21DB47A89C6522216AC

Filename:                 patchSG0002678.DCE_hdr
Algorithm #1 (sum -r):    29460 8 patchSG0002678.DCE_hdr
Algorithm #2 (sum):       21868 8 patchSG0002678.DCE_hdr
MD5 checksum:             FB225D06B2C3388C90AEDEA602C47E9C

Filename:                 patchSG0002678.DCE_sw
Algorithm #1 (sum -r):    01092 20273 patchSG0002678.DCE_sw
Algorithm #2 (sum):       38822 20273 patchSG0002678.DCE_sw
MD5 checksum:             F431CAD81201422515E5657F404D9A9E

Filename:                 patchSG0002678.DCE_sw32
Algorithm #1 (sum -r):    32696 5828 patchSG0002678.DCE_sw32
Algorithm #2 (sum):       50088 5828 patchSG0002678.DCE_sw32
MD5 checksum:             69D82184EFE0C90B42E3580EE8C12C3F

Filename:                 patchSG0002678.DCE_sw64
Algorithm #1 (sum -r):    49268 6303 patchSG0002678.DCE_sw64
Algorithm #2 (sum):       46879 6303 patchSG0002678.DCE_sw64
MD5 checksum:             327E6C8AA4EA66D28D9B4F4BA2C1C29E

Filename:                 patchSG0002678.DFS_sw
Algorithm #1 (sum -r):    57135 33041 patchSG0002678.DFS_sw
Algorithm #2 (sum):       19241 33041 patchSG0002678.DFS_sw
MD5 checksum:             E304E1471272D29DEBDEF2C92B1F507E

Filename:                 patchSG0002678.idb
Algorithm #1 (sum -r):    18177 24 patchSG0002678.idb
Algorithm #2 (sum):       34402 24 patchSG0002678.idb
MD5 checksum:             9732B977851307A76D0A41915446AFD3

Filename:                 README.patch.2679
Algorithm #1 (sum -r):    12911 18 README.patch.2679
Algorithm #2 (sum):       45218 18 README.patch.2679
MD5 checksum:             0372E330C0F36F21BE1B18104B35764A

Filename:                 patchSG0002679
Algorithm #1 (sum -r):    21166 4 patchSG0002679
Algorithm #2 (sum):       4443 4 patchSG0002679
MD5 checksum:             1EF8D675D4970C3680ABF3F172707A18

Filename:                 patchSG0002679.DCE_domestic_sw
Algorithm #1 (sum -r):    00651 6058 patchSG0002679.DCE_domestic_sw
Algorithm #2 (sum):       2779 6058 patchSG0002679.DCE_domestic_sw
MD5 checksum:             58DBF50346C7C061B880307FC93F529B

Filename:                 patchSG0002679.DCE_domestic_sw32
Algorithm #1 (sum -r):    60926 5912 patchSG0002679.DCE_domestic_sw32
Algorithm #2 (sum):       30244 5912 patchSG0002679.DCE_domestic_sw32
MD5 checksum:             542C70B9A9E9AB67B692797C027B03B5

Filename:                 patchSG0002679.DCE_domestic_sw64
Algorithm #1 (sum -r):    42845 6378 patchSG0002679.DCE_domestic_sw64
Algorithm #2 (sum):       3556 6378 patchSG0002679.DCE_domestic_sw64
MD5 checksum:             7AAF218B85F599616F0177AA0EB33EA6

Filename:                 patchSG0002679.DFS_domestic_sw
Algorithm #1 (sum -r):    01958 26147 patchSG0002679.DFS_domestic_sw
Algorithm #2 (sum):       40763 26147 patchSG0002679.DFS_domestic_sw
MD5 checksum:             16AC2AB4DAADB7FC858E17E04A2EBB80

Filename:                 patchSG0002679.idb
Algorithm #1 (sum -r):    32131 10 patchSG0002679.idb
Algorithm #2 (sum):       7644 10 patchSG0002679.idb
MD5 checksum:             A32549C1EB308E2E60691C5E0D5F4AE3

Filename:                 README.patch.2680
Algorithm #1 (sum -r):    07341 17 README.patch.2680
Algorithm #2 (sum):       27764 17 README.patch.2680
MD5 checksum:             426FB2F07E7D475A6041082D4ABF2C88

Filename:                 patchSG0002680
Algorithm #1 (sum -r):    41854 8 patchSG0002680
Algorithm #2 (sum):       12427 8 patchSG0002680
MD5 checksum:             E1FDE5E34BDA47AC2F49A84F90480D34

Filename:                 patchSG0002680.DCE_hdr
Algorithm #1 (sum -r):    38241 74 patchSG0002680.DCE_hdr
Algorithm #2 (sum):       46233 74 patchSG0002680.DCE_hdr
MD5 checksum:             C1AFA1041993291393C9D2E695D11A57

Filename:                 patchSG0002680.DCE_sw
Algorithm #1 (sum -r):    15573 21331 patchSG0002680.DCE_sw
Algorithm #2 (sum):       54145 21331 patchSG0002680.DCE_sw
MD5 checksum:             B18761B8BD7C8D2132D66E163E7A9A03

Filename:                 patchSG0002680.DCE_sw32
Algorithm #1 (sum -r):    53311 5838 patchSG0002680.DCE_sw32
Algorithm #2 (sum):       10596 5838 patchSG0002680.DCE_sw32
MD5 checksum:             247FAC6371C9F16EED37ED2ADA18C6FA

Filename:                 patchSG0002680.DCE_sw64
Algorithm #1 (sum -r):    08341 6318 patchSG0002680.DCE_sw64
Algorithm #2 (sum):       24100 6318 patchSG0002680.DCE_sw64
MD5 checksum:             922CF0068BF93FF6B2AEEDF7791CF19D

Filename:                 patchSG0002680.DFS_sw
Algorithm #1 (sum -r):    60299 10516 patchSG0002680.DFS_sw
Algorithm #2 (sum):       16894 10516 patchSG0002680.DFS_sw
MD5 checksum:             8C41AE6B8F34F21CC213307E936D0E7E

Filename:                 patchSG0002680.idb
Algorithm #1 (sum -r):    21012 19 patchSG0002680.idb
Algorithm #2 (sum):       49791 19 patchSG0002680.idb
MD5 checksum:             5F9B2EFBD7382D1E9C805C4AB39790AC
Filename:                 README.patch.2681
Algorithm #1 (sum -r):    37820 17 README.patch.2681
Algorithm #2 (sum):       23466 17 README.patch.2681
MD5 checksum:             BF90D4120752681AA8CC85E30D8F9B2C

Filename:                 patchSG0002681
Algorithm #1 (sum -r):    06707 4 patchSG0002681
Algorithm #2 (sum):       52425 4 patchSG0002681
MD5 checksum:             D8B53358819662E4F37756EDCBC46E04

Filename:                 patchSG0002681.DCE_domestic_sw
Algorithm #1 (sum -r):    52817 6060 patchSG0002681.DCE_domestic_sw
Algorithm #2 (sum):       13736 6060 patchSG0002681.DCE_domestic_sw
MD5 checksum:             B83F91BF6788F1CF5EF4118B259B3651

Filename:                 patchSG0002681.DCE_domestic_sw32
Algorithm #1 (sum -r):    02189 5909 patchSG0002681.DCE_domestic_sw32
Algorithm #2 (sum):       26545 5909 patchSG0002681.DCE_domestic_sw32
MD5 checksum:             3494E5F01F246CCAC8F98299B5A0FC06

Filename:                 patchSG0002681.DCE_domestic_sw64
Algorithm #1 (sum -r):    05410 6378 patchSG0002681.DCE_domestic_sw64
Algorithm #2 (sum):       3477 6378 patchSG0002681.DCE_domestic_sw64
MD5 checksum:             57D90B48AF707EF1C494AEFF621D76B6

Filename:                 patchSG0002681.DFS_domestic_sw
Algorithm #1 (sum -r):    37813 3102 patchSG0002681.DFS_domestic_sw
Algorithm #2 (sum):       10135 3102 patchSG0002681.DFS_domestic_sw
MD5 checksum:             9098B23B1C947FEF6C6E3282D7C12BC8

Filename:                 patchSG0002681.idb
Algorithm #1 (sum -r):    48063 4 patchSG0002681.idb
Algorithm #2 (sum):       34347 4 patchSG0002681.idb
MD5 checksum:             0C25153F4F015AC9ABE43AEE37EBE560

Filename:                 README.patch.2682
Algorithm #1 (sum -r):    36320 16 README.patch.2682
Algorithm #2 (sum):       25472 16 README.patch.2682
MD5 checksum:             FBD4E422418F1C04BE834B01DA32A956

Filename:                 patchSG0002682
Algorithm #1 (sum -r):    44327 6 patchSG0002682
Algorithm #2 (sum):       3707 6 patchSG0002682
MD5 checksum:             CB79E4CD6C3D177F4C2F9DC4F2A4C31F

Filename:                 patchSG0002682.DCE_hdr
Algorithm #1 (sum -r):    34388 1 patchSG0002682.DCE_hdr
Algorithm #2 (sum):       9815 1 patchSG0002682.DCE_hdr
MD5 checksum:             DFDD445FF99356C86CFBF4C4BAF7F4AB

Filename:                 patchSG0002682.DCE_sw
Algorithm #1 (sum -r):    56190 16020 patchSG0002682.DCE_sw
Algorithm #2 (sum):       52603 16020 patchSG0002682.DCE_sw
MD5 checksum:             A9D064BA7D97E4AFDBEDA8BB0428A767

Filename:                 patchSG0002682.DCE_sw32
Algorithm #1 (sum -r):    26046 6099 patchSG0002682.DCE_sw32
Algorithm #2 (sum):       41071 6099 patchSG0002682.DCE_sw32
MD5 checksum:             73B1042595A90F900B7B4838CA5181DA

Filename:                 patchSG0002682.DCE_sw64
Algorithm #1 (sum -r):    06103 6370 patchSG0002682.DCE_sw64
Algorithm #2 (sum):       63088 6370 patchSG0002682.DCE_sw64
MD5 checksum:             FD8A1B2D30FDA797B995117BF140FC55

Filename:                 patchSG0002682.DFS_sw
Algorithm #1 (sum -r):    56717 9573 patchSG0002682.DFS_sw
Algorithm #2 (sum):       64974 9573 patchSG0002682.DFS_sw
MD5 checksum:             226707FB10F844E2CB4F30595AC70FD8

Filename:                 patchSG0002682.idb
Algorithm #1 (sum -r):    10563 16 patchSG0002682.idb
Algorithm #2 (sum):       26825 16 patchSG0002682.idb
MD5 checksum:             FF387CDB1EE4EF8F9376A850AB2F8379

Filename:                 README.patch.2683
Algorithm #1 (sum -r):    32338 15 README.patch.2683
Algorithm #2 (sum):       21219 15 README.patch.2683
MD5 checksum:             0DF1BDCD671FA2E03A58C9838A680928

Filename:                 patchSG0002683
Algorithm #1 (sum -r):    58679 4 patchSG0002683
Algorithm #2 (sum):       56375 4 patchSG0002683
MD5 checksum:             F255015A5340CD34B0D707D396FD6D6B

Filename:                 patchSG0002683.DCE_domestic_sw
Algorithm #1 (sum -r):    25494 5598 patchSG0002683.DCE_domestic_sw
Algorithm #2 (sum):       54032 5598 patchSG0002683.DCE_domestic_sw
MD5 checksum:             D54E04B44F4385167E3E93B7CC694D5F

Filename:                 patchSG0002683.DCE_domestic_sw32
Algorithm #1 (sum -r):    50283 6197 patchSG0002683.DCE_domestic_sw32
Algorithm #2 (sum):       62501 6197 patchSG0002683.DCE_domestic_sw32
MD5 checksum:             B611492E5C9731F095BC21D580405B33

Filename:                 patchSG0002683.DCE_domestic_sw64
Algorithm #1 (sum -r):    28076 6442 patchSG0002683.DCE_domestic_sw64
Algorithm #2 (sum):       6953 6442 patchSG0002683.DCE_domestic_sw64
MD5 checksum:             A81BBDA039240C9EF751557A8D707FE0

Filename:                 patchSG0002683.DFS_domestic_sw
Algorithm #1 (sum -r):    20332 3263 patchSG0002683.DFS_domestic_sw
Algorithm #2 (sum):       63172 3263 patchSG0002683.DFS_domestic_sw
MD5 checksum:             E24CE4010A087AF805253C5BCCF6A325

Filename:                 patchSG0002683.idb
Algorithm #1 (sum -r):    30870 4 patchSG0002683.idb
Algorithm #2 (sum):       34408 4 patchSG0002683.idb
MD5 checksum:             991B340AFDE13737FA40F584D4854989

- -------------------------
- ---- Acknowledgments ---
- -------------------------

Silicon Graphics wishes to thank the the CERT Coordination Center for their
assistance in this matter.

- ------------------------------------------------------------
- ---- Silicon Graphics Inc. Security Information/Contacts ---
- ------------------------------------------------------------

If there are questions about this document, email can be sent to


Silicon Graphics provides security information and patches for
use by the entire SGI community.  This information is freely
available to any person needing the information and is available
via anonymous FTP and the Web.

The primary SGI anonymous FTP site for security information and patches
is sgigate.sgi.com (  Security information and patches
are located under the directories ~ftp/security and ~ftp/patches,
respectively. The Silicon Graphics Security Headquarters Web page is
accessible at the URL http://www.sgi.com/Support/security/security.html.

For issues with the patches on the FTP sites, email can be sent to

For assistance obtaining or working with security patches, please
contact your SGI support provider.


Silicon Graphics provides a free security mailing list service
called wiretap and encourages interested parties to self-subscribe
to receive (via email) all SGI Security Advisories when they are
released. Subscribing to the mailing list can be done via the Web
(http://www.sgi.com/Support/security/wiretap.html) or by sending email
to SGI as outlined below.

% mail wiretap-request@sgi.com
subscribe wiretap <YourEmailAddress>

In the example above, <YourEmailAddress> is the email address that you
wish the mailing list information sent to.  The word end must be on a
separate line to indicate the end of the body of the message. The
control-d (^d) is used to indicate to the mail program that you are
finished composing the mail message.


Silicon Graphics provides a comprehensive customer World Wide Web site.
This site is located at http://www.sgi.com/Support/security/security.html.


For reporting *NEW* SGI security issues, email can be sent to
security-alert@sgi.com or contact your SGI support provider.  A
support contract is not required for submitting a security report.

  This information is provided freely to all interested parties and may
  be redistributed provided that it is not altered in any way, Silicon
  Graphics is appropriately credited and the document retains and
  includes its valid PGP signature.

Version: 2.6.2


[ End Silicon Graphics Inc. Advisory ]

CIAC wishes to acknowledge the contributions of Silicon Graphics Inc. for the
information contained in this bulletin.

CIAC, the Computer Incident Advisory Capability, is the computer
security incident response team for the U.S. Department of Energy
(DOE) and the emergency backup response team for the National
Institutes of Health (NIH). CIAC is located at the Lawrence Livermore
National Laboratory in Livermore, California. CIAC is also a founding
member of FIRST, the Forum of Incident Response and Security Teams, a
global organization established to foster cooperation and coordination
among computer security teams worldwide.

CIAC services are available to DOE, DOE contractors, and the NIH. CIAC
can be contacted at:
    Voice:    +1 925-422-8193
    FAX:      +1 925-423-8002
    STU-III:  +1 925-423-2604
    E-mail:   ciac@llnl.gov

For emergencies and off-hour assistance, DOE, DOE contractor sites,
and the NIH may contact CIAC 24-hours a day. During off hours (5PM -
8AM PST), call the CIAC voice number 925-422-8193 and leave a message,
or call 800-759-7243 (800-SKY-PAGE) to send a Sky Page. CIAC has two
Sky Page PIN numbers, the primary PIN number, 8550070, is for the CIAC
duty person, and the secondary PIN number, 8550074 is for the CIAC
Project Leader.

Previous CIAC notices, anti-virus software, and other information are
available from the CIAC Computer Security Archive.

   World Wide Web:      http://www.ciac.org/
                        (or http://ciac.llnl.gov -- they're the same machine)
   Anonymous FTP:       ftp.ciac.org
                        (or ciac.llnl.gov -- they're the same machine)
   Modem access:        +1 (925) 423-4753 (28.8K baud)
                        +1 (925) 423-3331 (28.8K baud)

CIAC has several self-subscribing mailing lists for electronic
1. CIAC-BULLETIN for Advisories, highest priority - time critical
   information and Bulletins, important computer security information;
2. SPI-ANNOUNCE for official news about Security Profile Inspector
   (SPI) software updates, new features, distribution and
3. SPI-NOTES, for discussion of problems and solutions regarding the
   use of SPI products.

Our mailing lists are managed by a public domain software package
called Majordomo, which ignores E-mail header subject lines. To
subscribe (add yourself) to one of our mailing lists, send the
following request as the E-mail message body, substituting
ciac-bulletin, spi-announce OR spi-notes for list-name:

E-mail to       ciac-listproc@llnl.gov or majordomo@tholia.llnl.gov:
        subscribe list-name
  e.g., subscribe ciac-bulletin

You will receive an acknowledgment email immediately with a confirmation
that you will need to mail back to the addresses above, as per the
instructions in the email.  This is a partial protection to make sure
you are really the one who asked to be signed up for the list in question.

If you include the word 'help' in the body of an email to the above address,
it will also send back an information file on how to subscribe/unsubscribe,
get past issues of CIAC bulletins via email, etc.

PLEASE NOTE: Many users outside of the DOE, ESnet, and NIH computing
communities receive CIAC bulletins.  If you are not part of these
communities, please contact your agency's response team to report
incidents. Your agency's team will coordinate with CIAC. The Forum of
Incident Response and Security Teams (FIRST) is a world-wide
organization. A list of FIRST member organizations and their
constituencies can be obtained via WWW at http://www.first.org/.

This document was prepared as an account of work sponsored by an
agency of the United States Government. Neither the United States
Government nor the University of California nor any of their
employees, makes any warranty, express or implied, or assumes any
legal liability or responsibility for the accuracy, completeness, or
usefulness of any information, apparatus, product, or process
disclosed, or represents that its use would not infringe privately
owned rights. Reference herein to any specific commercial products,
process, or service by trade name, trademark, manufacturer, or
otherwise, does not necessarily constitute or imply its endorsement,
recommendation or favoring by the United States Government or the
University of California. The views and opinions of authors expressed
herein do not necessarily state or reflect those of the United States
Government or the University of California, and shall not be used for
advertising or product endorsement purposes.

LAST 10 CIAC BULLETINS ISSUED (Previous bulletins available from CIAC)

I-050: Digital UNIX softlinks - advfs Vulnerability
I-051: FreeBSD T/TCP Vulnerability
I-052: 3Com CoreBuilder and SuperStack II LAN Vulnerabilities
I-053: ISC DHCP Distribution Vulnerability
I-054: Cisco Web Cache Control Protocol Router Vulnerability
I-055: SGI IRIX Vulnerabilities (NetWare Client, diskperf/diskalign
I-056: Cisco PIX Private Link Key Processing and Cryptography Vulnerability
I-057: FreeBSD NFS Kernel Code Error
I-058: SunOS rpc.nisd Vulnerability
I-059: Sun ftpd Vulnerability

Version: 4.0 Business Edition


TUCoPS is optimized to look best in Firefox® on a widescreen monitor (1440x900 or better).
Site design & layout copyright © 1986-2024 AOH