Bugtraq mailing list archives

Re: IRIX midikeys root exploit.

From: torkel () HPC2N UMU SE (Björn Torkelsson)
Date: Fri, 21 May 1999 08:55:01 +0200


Erik Mouw <J.A.K.Mouw () ITS TUDELFT NL> writes:

     I have tested this on 2 IRIX 6.5 hosts with success. A patch exists for
     startmidi and stopmidi buffer overflows.


Verified to work on an O2 running IRIX 6.3:
  uname -aR
  IRIX o2 6.3 O2 R10000 12161207 IP32

And on an Octane running IRIX 6.5.3:
  uname -aR
  IRIX64 octane 6.5 6.5.3m 01221553 IP30


Verified to work on an O2 running IRIX 6.5.3.

After a chmod u-s midikeys, midikeys still works, at least after a very
quick test. Does anybody know why midikeys is setuid root?

Is this reported to SGI?

/torkel

Current thread:

IRIX midikeys root exploit. Larry W. Cashdollar (May 19)
- <Possible follow-ups>
- Re: IRIX midikeys root exploit. Erik Mouw (May 20)
- Re: IRIX midikeys root exploit. Philipp Schott (May 20)
- Re: IRIX midikeys root exploit. Björn Torkelsson (May 20)
- Re: IRIX midikeys root exploit. Steve Allen (May 21)