Date: Fri, 20 Aug 1999 12:38:28 -0700
From: Aleph One <aleph1@UNDERGROUND.ORG>
To: BUGTRAQ@SECURITYFOCUS.COM
Subject: [SECURITY] Current versions of seyon may contain malicious code
--FcSpk3Icpd/Pbul4
Content-Type: text/plain; charset=us-ascii
One year ago, we have received a report from SGI that a vulnerability
has been discovered in the seyon program which can lead to a root
compromise. Any user who can execute the seyon program can exploit
this vulnerability.
However, the license of Seyon doesn't permit us to provide a fix, now
is the Seyon author responsive, nor do we have a patch, nor do we know
an exploit and can't develop a fixe therefore.
We recommend you switch to minicom instead.
The maintainer of Seyon told us the following:
I notice from reading the SGI announcement that their problem is
a root exploit because of a setuid Seyon. The Seyon we ship is
not setuid, so I doubt we'll have a serious problem.
--
Debian GNU/Linux . Security Managers . security@debian.org
debian-security-announce@lists.debian.org
Christian Hudon . Wichert Akkerman . Martin Schulze
<chrish@debian.org> . <wakkerma@debian.org> . <joey@debian.org>
--FcSpk3Icpd/Pbul4
Content-Type: application/pgp-signature
-----BEGIN PGP SIGNATURE-----
Version: 2.6.3ia
iQCVAwUBN7xlIBRNm5Suj3z1AQGe+AP/Vi5ujmQOO678or6aA2vbeBMdoV7ka9U4
I6R4bDkB2PgHqPI0cn0pNKaGedJSFTitswnbs47cbTebKeRmV8gaxtK2kBQiO7kt
II0GG5nk26YyP/c3EVlttEdtHIWbixILnsl9s3bI0fDhBUiByK6I18SCwSPlJWH4
Bi+YQJXRemY=
=mIOA
-----END PGP SIGNATURE-----
--FcSpk3Icpd/Pbul4--
--
To UNSUBSCRIBE, email to debian-security-announce-request@lists.debian.org
with a subject of "unsubscribe". Trouble? Contact listmaster@lists.debian.org
