[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

[SECURITY] Seyon is vulnerable to a root exploit



Description
-----------

    We have received a report from SGI that a vulnerability has been
    discovered in the seyon program.  This can lead to a root
    compromise.  Any user who can execute the seyon program can
    exploit this vulnerability.

    Since SGI does not provide exploit information, we are unable to
    fix the problem.  SGI provided such information only to recognized
    security response/incident/coordination organizations and bugtraq
    doesn't seem to be accepted.  SGI doesn't develop patches to third
    party products, thus there is no chance for a quick fix.

Vulnerability
-------------

    Since a root compromise needs an executable that runs as root we
    tend to belive that this needs a setuid seyon.  The Seyon package
    as provided with Debian GNU/Linux does *not* run setuid root.

    Thus we doubt that the seyon package as provided with Debian
    GNU/Linux can be used to exploit root if you don't change the
    default behaviour.

-- 
Never trust an operating system you don't have source for!

Attachment: pgp1y1mjtfLU5.pgp
Description: PGP signature


Reply to: