[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

IRIX

To: "DDCS.SGI.clients": ;;;
Subject: IRIX
From: Lyle Wiedeman <wiedeman@uci.edu>
Date: Fri, 13 Jun 1997 15:42:28 -0700
Cc: oac_ddcs@hydra.acs.uci.edu
Delivery-date: Fri, 13 Jun 1997 16:57:55 -0700

Dear client,

We sincerely apologize for any inconvenience we caused you yesterday.

As a previous message has stated, we were recently informed of
a number of easily exploitable, well publicized security holes on
SGI systems.

We judged it a priority to deal with this matter quickly.
Regrettably, we had not tested the correction we used thoroughly
enough and caused some disruption in your work.

We have removed the changes and your systems should be functioning
normally now.  Please contact your support person, or me, if you do
not believe this to be the case with your system.

However, the vulnerability remains.  It is still necessary to
address the security issue.  We will be in contact with you
when we have developed a more successful course of correction.

In light of this incident, we are carefully discussing a procedure to
better balance the priorities of system availability, system security,
and keeping affected users informed.  Any advice you have is welcome.

Again, we sincerely apologize for any inconvenience we caused you
yesterday, and thank you for your patience.

    Lyle Wiedeman     
    wiedeman@uci.edu      Office of Academic Computing
    (714) 824-8718        Univ. Calif. Irvine
FAX (714) 824-2069        Irvine, CA  92717
WWW http://www.oac.uci.edu/indiv/wiedeman/

Prev by Date: WIN : Predictable Query IDs Pose Security Risks for DNS Servers]
Next by Date: IRIX :Security hole in at command
Previous by thread: WIN : Predictable Query IDs Pose Security Risks for DNS Servers]
Next by thread: IRIX :Security hole in at command
Index(es):
- Date
- Thread