[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: [SECURITY] Current versions of seyon may contain malicious code

Buenas.

Os dejo esto aqui, ya que creo que puede ser de interes general y puede
evitar algun sustillo a alguien.


On Thu, Aug 19, 1999 at 10:12:17PM +0200, Martin Schulze wrote:
> One year ago, we have received a report from SGI that a vulnerability
> has been discovered in the seyon program which can lead to a root
> compromise.  Any user who can execute the seyon program can exploit
> this vulnerability.
> 
> However, the license of Seyon doesn't permit us to provide a fix, now
> is the Seyon author responsive, nor do we have a patch, nor do we know
> an exploit and can't develop a fixe therefore.
> 
> We recommend you switch to minicom instead.
> 
> The maintainer of Seyon told us the following:
> 
>      I notice from reading the SGI announcement that their problem is
>      a root exploit because of a setuid Seyon.  The Seyon we ship is
>      not setuid, so I doubt we'll have a serious problem.
> 
> 
> --
> Debian GNU/Linux    .    Security Managers    .    security@debian.org
>               debian-security-announce@lists.debian.org
>   Christian Hudon     .      Wichert Akkerman     .     Martin Schulze
> <chrish@debian.org>   .   <wakkerma@debian.org>   .   <joey@debian.org>



-- 
Have a nice day  ;-)
TooManySecrets
Reply to: