Neohapsis is currently accepting applications for employment. For more information, please visit our website www.neohapsis.com or email hr@neohapsis.com

Neohapsis > Archives > Bugtraq> 1999-q3

Bugtraq Archives: [SECURITY] Current versions of seyon may cont

[SECURITY] Current versions of seyon may contain malicious code

Aleph One (aleph1UNDERGROUND.ORG)
Fri, 20 Aug 1999 12:38:28 -0700

Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]
Next message: Aleph One: "[SECURITY] New versions of man2html fixes postinst glitch"
Previous message: Aleph One: "[SECURITY] New versions of smtp-refuser fixes security hole"

One year ago, we have received a report from SGI that a vulnerability
has been discovered in the seyon program which can lead to a root
compromise. Any user who can execute the seyon program can exploit
this vulnerability.

However, the license of Seyon doesn't permit us to provide a fix, now
is the Seyon author responsive, nor do we have a patch, nor do we know
an exploit and can't develop a fixe therefore.

We recommend you switch to minicom instead.

The maintainer of Seyon told us the following:

     I notice from reading the SGI announcement that their problem is
     a root exploit because of a setuid Seyon. The Seyon we ship is
     not setuid, so I doubt we'll have a serious problem.

-- Debian GNU/Linux . Security Managers . security

debian.org debian-security-announce

lists.debian.org Christian Hudon . Wichert Akkerman . Martin Schulze <chrish

debian.org> . <wakkerma

debian.org> . <joey

debian.org>

application/pgp-signature attachment: stored

Next message: Aleph One: "[SECURITY] New versions of man2html fixes postinst glitch"
Previous message: Aleph One: "[SECURITY] New versions of smtp-refuser fixes security hole"

This archive was generated by hypermail 2.0b3 on Sat Aug 21 1999 - 02:40:42 CDT