sgi-midikeys-rogue-keyboard

The sgi-midikeys program is a utility for editing MIDI files on SGI IRIX systems. It allows users to modify arbitrary files via a text editor, making it vulnerable to local file inclusion attacks.

You're affected if you use the original sgi-midikeys version 1.0 or later. This is an older system software, so if you don't recognise the name, you're probably not affected. Check with your IT department if your organisation uses SGI IRIX systems.

Version info: Not specified in the advisory.
Check command: No specific check command provided; manual verification required.

1. Download the patched version from patches.sgi.com: ftp://patches.sgi.com/support/free/security/advisories/19990501-01-A
2. Apply the patch manually to the sgi-midikeys program.
3. Immediate mitigations:
   • Restrict access to the sgi-midikeys program (e.g., set permissions to read-only).
   • Monitor system logs for suspicious activity.

• patches.sgi.com
• www.securityfocus.com
• patches.sgi.com
• www.securityfocus.com