Bugtraq mailing list archives
Re: irix-soundplayer.sh
From: dsouth () ND EDU (Dale Southard)
Date: Tue, 4 Jan 2000 16:57:46 -0500
pda () ING PUC CL writes:
midikeys might not setuid these days but you get the idea... Worked fine on Irix 6.4 here... although I had to change csh to sh for some reason... csh returned permission denied, 4755 and all. I assume the fix is to take out the suid bit?

Or remove/don't install dmedia_eoe.sw.synth. Though it's included on standard install of IRIX on newly purchased SGI's, it isn't one of the packages installed when building a new OS from the 6.5.x CDROMs.

Better yet, follow Security Focus and SGI security lists at the URLs below. Both Security Focus and SGI have had a security advisory on the midikeys vulnerability out since May 1999. Both advisories suggested the above fix.

http://www.sgi.com/Support/security/security.html
http://www.securityfocus.com/

Said another way, there was nothing new about the irix-soundplayer.sh script -- it exploited a fairly old, widely known vulnerability that should be fixed on any properly maintained IRIX box. If your machine still had that hole open, it's likely got several other problems waiting for the script kiddies to exploit.

The first step in securing any system is realizing the vendor didn't do it for you....

--
/* Dale Southard Jr. 219/631-7326 fax:219/631-5952 */
/* Science Computing Associate, dsouth () nd edu -- pgp accepted */
/* 202A NSH, University of Notre Dame <http://www.nd.edu/~dsouth> */
/* AFF/I,SL/I,T/I,S&TA,D-11216,Sr.Rig "I'd rather be skydiving" */