Bugtraq mailing list archives

IRIX midikeys vulnerability list.

From: lwcashd () BIW COM (Larry W. Cashdollar)
Date: Fri, 21 May 1999 10:56:33 -0400


I am attempting to compile a list of vulnerable systems for this exploit.  I would like
to provide as much information to SGI as possible. Here is what I have found so
far.

Erik Mouw  Email J.A.K.Mouw () its tudelft nl   |
---------------------------------------------|
Verified to work on an O2 running IRIX 6.3:  |
  uname -aR
  IRIX o2 6.3 O2 R10000 12161207 IP32

And on an Octane running IRIX 6.5.3:
  uname -aR
  IRIX64 octane 6.5 6.5.3m 01221553 IP30

Larry W. Cashdollar     lwcashd () biw com            | 
----------------------------------------------|
Verified on an ONYX/2 running IRIX 6.5.
  uname -aR
  IRIX64 onyx 6.5 05190003 IP27

Verified on an Indigo running IRIX 6.5.                         
  uname -aR
  IRIX64 flier 6.5 05190004 IP28

I was unable to test this on our IRIX 6.2 box.
/usr/sbin/midikeys does exist and it is setuid
root however.

Anthony C . Zboralski acz () hert org            |
----------------------------------------------|                         
It works on latest 6.5.4 maintenance release: |
IRIX ra 6.5 04151556 IP32 mips



Larry W. Cashdollar

Unix Administrator
Computer Security Operations

Current thread:

IRIX midikeys vulnerability list. Larry W. Cashdollar (May 21)
- <Possible follow-ups>
- Re: IRIX midikeys vulnerability list. Aleph One (May 21)