[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

[SECURITY] Current versions of seyon may contain malicious code



One year ago, we have received a report from SGI that a vulnerability
has been discovered in the seyon program which can lead to a root
compromise.  Any user who can execute the seyon program can exploit
this vulnerability.

However, the license of Seyon doesn't permit us to provide a fix, now
is the Seyon author responsive, nor do we have a patch, nor do we know
an exploit and can't develop a fixe therefore.

We recommend you switch to minicom instead.

The maintainer of Seyon told us the following:

     I notice from reading the SGI announcement that their problem is
     a root exploit because of a setuid Seyon.  The Seyon we ship is
     not setuid, so I doubt we'll have a serious problem.


--
Debian GNU/Linux    .    Security Managers    .    security@debian.org
              debian-security-announce@lists.debian.org
  Christian Hudon     .      Wichert Akkerman     .     Martin Schulze
<chrish@debian.org>   .   <wakkerma@debian.org>   .   <joey@debian.org>

Attachment: pgp1vEQ3nXXnk.pgp
Description: PGP signature


Reply to: