[7794] in bugtraq


[SECURITY] Seyon is vulnerable to a root exploit

daemon@ATHENA.MIT.EDU (Martin Schulze)
Fri Aug 28 23:19:49 1998

Date: 	Sat, 29 Aug 1998 02:48:14 +0200
Reply-To: Debian Security <debian-security-private@lists.debian.org>
From: Martin Schulze <joey@DEBIAN.ORG>
X-To:         Debian Security Announcements
              <debian-security-announce@lists.debian.org>
To: BUGTRAQ@NETSPACE.ORG

Description
-----------

    We have received a report from SGI that a vulnerability has been
    discovered in the seyon program.  This can lead to a root
    compromise.  Any user who can execute the seyon program can
    exploit this vulnerability.

    Since SGI does not provide exploit information, we are unable to
    fix the problem.  SGI provided such information only to recognized
    security response/incident/coordination organizations and bugtraq
    doesn't seem to be accepted as one.  SGI doesn't develop patches
    for third-party products, thus there is no chance for a quick fix.

Vulnerability
-------------

    Since a root compromise needs an executable that runs as root we
    tend to believe that this needs a setuid seyon.  The Seyon package
    as provided with Debian GNU/Linux does *not* run setuid root.

    Thus we doubt that the seyon package as provided with Debian
    GNU/Linux can be used to exploit root if you don't change the
    default behaviour.

-- 
Never trust an operating system you don't have source for!

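The advisory's reasoning depends on whether the local seyon binary is setuid root. The following is an added example, not part of the original advisory, that checks that condition; the function names are hypothetical and it assumes the binary is called "seyon" and is found on PATH when no path is given.

```shell
#!/bin/sh
# Added example: classify a binary by the condition the advisory reasons about.
# classify_setuid prints one of: missing | not-setuid | setuid-nonroot | setuid-root

classify_setuid() {
    f=$1
    [ -e "$f" ] || { echo missing; return 0; }
    # -u is true when the set-user-ID bit is set (symlinks are followed).
    [ -u "$f" ] || { echo not-setuid; return 0; }
    # ls -n prints the numeric owner in field 3; -L follows symlinks,
    # -d keeps ls from listing a directory's contents.
    owner=$(ls -Lnd -- "$f" | awk '{print $3}')
    if [ "$owner" = 0 ]; then
        echo setuid-root
    else
        echo setuid-nonroot
    fi
}

# audit_seyon [path ...]
# Returns 1 if any checked file is setuid root, 0 otherwise.
audit_seyon() {
    if [ $# -eq 0 ]; then
        # Assumption: the installed binary is named "seyon".
        p=$(command -v seyon 2>/dev/null) || { echo "seyon: not installed"; return 0; }
        set -- "$p"
    fi
    rc=0
    for f in "$@"; do
        state=$(classify_setuid "$f")
        echo "$f: $state"
        if [ "$state" = setuid-root ]; then
            rc=1
        fi
    done
    return $rc
}
```

Source the file and run `audit_seyon` with no arguments to check the copy on PATH, or pass explicit paths for locally built copies.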
