Re: [SECURITY] Current versions of seyon may contain malicious code
Buenas.
Os dejo esto aqui, ya que creo que puede ser de interes general y puede
evitar algun sustillo a alguien.
On Thu, Aug 19, 1999 at 10:12:17PM +0200, Martin Schulze wrote:
> One year ago, we have received a report from SGI that a vulnerability
> has been discovered in the seyon program which can lead to a root
> compromise. Any user who can execute the seyon program can exploit
> this vulnerability.
>
> However, the license of Seyon doesn't permit us to provide a fix, now
> is the Seyon author responsive, nor do we have a patch, nor do we know
> an exploit and can't develop a fixe therefore.
>
> We recommend you switch to minicom instead.
>
> The maintainer of Seyon told us the following:
>
> I notice from reading the SGI announcement that their problem is
> a root exploit because of a setuid Seyon. The Seyon we ship is
> not setuid, so I doubt we'll have a serious problem.
>
>
> --
> Debian GNU/Linux . Security Managers . security@debian.org
> debian-security-announce@lists.debian.org
> Christian Hudon . Wichert Akkerman . Martin Schulze
> <chrish@debian.org> . <wakkerma@debian.org> . <joey@debian.org>
--
Have a nice day ;-)
TooManySecrets
Reply to: