News for wibblers. Stuff that really doesn't matter. |
|
News for wibblers. Stuff that really doesn't matter. |
|
Save the teapot fund
New CSS web design for Wibble proudly provided by Kelv. Please contact the webmaster with any questions or concerns. |
Wibble > List archives > bugtraq > 2000 [Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index] Re: irix-soundplayer.sh
pda@xxxxxxxxxx writes: > > midikeys might not setuid these days but you get the idea... > > Worked fine on Irix 6.4 here... although i had to change csh to sh > for some reason... csh returned permission denied, 4755 and all. I > assume the fix is to take out the suid bit? Or remove/don't install dmedia_eoe.sw.synth. Though it's included on standard install of IRIX on newly purchased SGI's, it isn't one of the packages installed when building a new OS from the 6.5.x CDROMs. Better yet, follow Security Focus and SGI security lists at the URLs below. Both Security Focus and SGI have had a security advisory on the midikeys vulnerability out since May 1999. Both advisories suggested the above fix. http://www.sgi.com/Support/security/security.html http://www.securityfocus.com/ Said another way, there was nothing new about the irix-soundplayer.sh script -- it exploited a fairly old, widely known vulnerability that should be fixed on any properly maintained IRIX box. If your machine still had that hole open, it's likely got several other problems waiting for the script kiddies to exploit. The first step in securing any system is realizing the the vendor didn't do it for you.... -- /* Dale Southard Jr. 219/631-7326 fax:219/631-5952 */ /* Science Computing Associate, dsouth@xxxxxx -- pgp accepted */ /* 202A NSH, University of Notre Dame <http://www.nd.edu/~dsouth> */ /* AFF/I,SL/I,T/I,S&TA,D-11216,Sr.Rig "I'd rather be skydiving" */
|
