Bugtraq mailing list archives
Re: IRIX: Bug in startmidi
From: volobuev () T1 CHEM UMN EDU (Yuri Volobuev)
Date: Mon, 10 Feb 1997 16:06:39 -0600
YV> You must have some special configuration, I recon. On the box I YV> was testing on YV> showfiles | grep startmidi f 64563 18688 dmedia_eoe.sw.midi YV> usr/sbin/startmidi YV> It's Irix 5.3 with all security patches applied, plus DSE 1.1. This is what I get: showfiles | grep startmidi f 46022 18608 dmedia_eoe.sw.midi usr/sbin/startmidi This is on an unpatched 5.3 box. Looks like it was fixed at some point, although I can find no reference to it anywhere....
I checked where binary on my machine came from, it looks it originates from DSE (Desktop Special Edition) distribution. At least the one on the DSE 1.0 CD I have is the same as the installed one (dealing with Irix inst is a royal pain in ass). So I guess saying that those who have original Irix 5.3 startmidi installed are vulnerable, and those who have DSE installed are not would be a true statement. Of course, it's only true about 5.3, I've no idea how things are done in 6.2. I suspect it's fixed there, in the same way it was fixed in DSE, but remembering the same sets of bugs found in 6.x after they were found and fixed in 5.3, I'd be careful with any assumptions. Thanks again to our friends in SGI for promptly notifying its customers about known security problems, at cost of own prestige. cheers, yuri Always speaking for myself, and only for myself
Current thread:
- Re: IRIX: Bug in startmidi Yuri Volobuev (Feb 10)