comp.sys.sgi.bugs: Re: YET another security alert (sigh)

Forwarded by Kari Hurtta (hurtta+usenet@OZONE.FMI.FI)
Tue, 05 Aug 1997 10:41:37 +0300

Messages sorted by: [ date ][ thread ][ subject ][ author ]
Next message: mhpower@MIT.EDU: "security hole in mget (in ftp client)"
Previous message: Kyle Amon: "Re: SSH LocalForward"

Path:
kronos.fmi.fi!news.funet.fi!news.eunet.fi!EU.net!Norway.EU.net!uninett.no!news.global-one.no!kether!art
Date: 4 Aug 1997 08:28:01 GMT
From: art@kether.global-one.no (Arthur Hagen)
Subject: Re: YET another security alert (sigh)
Reply-to: art@broomstick.com
Message-id: <yd8n2ngl1tf.fsf@hoshi.engr.sgi.com>
Message-id: <5s43qh$gn0$2@bone.global-one.no>
Organization: Global One
MIME-version: 1.0
Content-type: TEXT/PLAIN; CHARSET=US-ASCII
Newsgroups: comp.sys.sgi.bugs,comp.sys.sgi.admin
Lines: 20
NNTP-posting-host: kether.global-one.no
References: <33AB2631.41C6@syntaxgroup.it>
<yd8k9iscecm.fsf@hoshi.engr.sgi.com> <5qve9e$ivc$1@naiad.grenet.fr>
References: <5rrpbr$l88$4@bone.global-one.no> <5rsff3$sj$1@bone.global-one.no>
Xref: kronos.fmi.fi comp.sys.sgi.bugs:3926 comp.sys.sgi.admin:49713

Furthermore on the html/privileges exploit:

Because I think it unlikely there will be a fix to this any time soon,
it would help if people running proxy servers set the servers up to
filter these MIME types:

application/x-sgi-exec exts=edf
application/x-sgi-task exts=tdf

and it probably wouldn't hurt to block the other application/x-sgi-
mime types too:

type=application/x-sgi-catalog exts=cdf
type=application/x-sgi-glossary exts=gloss
type=application/x-sgi-lpr exts=sgi-lpr

Regards,

--
*Art

Next message: mhpower@MIT.EDU: "security hole in mget (in ftp client)"
Previous message: Kyle Amon: "Re: SSH LocalForward"