Date: Fri, 20 Aug 1999 12:38:28 -0700
From: Aleph One <[email protected]>
To: [email protected]Subject: [SECURITY] Current versions of seyon may contain malicious code
--FcSpk3Icpd/Pbul4
Content-Type: text/plain; charset=us-ascii
One year ago, we have received a report from SGI that a vulnerability
has been discovered in the seyon program which can lead to a root
compromise. Any user who can execute the seyon program can exploit
this vulnerability.
However, the license of Seyon doesn't permit us to provide a fix, now
is the Seyon author responsive, nor do we have a patch, nor do we know
an exploit and can't develop a fixe therefore.
We recommend you switch to minicom instead.
The maintainer of Seyon told us the following:
I notice from reading the SGI announcement that their problem is
a root exploit because of a setuid Seyon. The Seyon we ship is
not setuid, so I doubt we'll have a serious problem.
--
Debian GNU/Linux . Security Managers . [email protected][email protected]
Christian Hudon . Wichert Akkerman . Martin Schulze
<[email protected]> . <[email protected]> . <[email protected]>
--FcSpk3Icpd/Pbul4
Content-Type: application/pgp-signature
-----BEGIN PGP SIGNATURE-----
Version: 2.6.3ia
iQCVAwUBN7xlIBRNm5Suj3z1AQGe+AP/Vi5ujmQOO678or6aA2vbeBMdoV7ka9U4
I6R4bDkB2PgHqPI0cn0pNKaGedJSFTitswnbs47cbTebKeRmV8gaxtK2kBQiO7kt
II0GG5nk26YyP/c3EVlttEdtHIWbixILnsl9s3bI0fDhBUiByK6I18SCwSPlJWH4
Bi+YQJXRemY=
=mIOA
-----END PGP SIGNATURE-----
--FcSpk3Icpd/Pbul4--
--
To UNSUBSCRIBE, email to [email protected]
with a subject of "unsubscribe". Trouble? Contact [email protected]
