|[Home] [Credit Search] [Category Browser] [Staff Roll Call]||The LINUX.COM Article Archive|
|Originally Published: Saturday, 21 August 1999||Author: Quentin Cregan|
|Published to: news_enhance_security/Security News||Page: 1/1 - [Printable]|
Debian Security Team recommendation to avoid Seyon
In a post to BugTraq today, the Debian team suggested to avoid using Seyon for fear of a possible root compromise.
|Page 1 of 1|
To: BugTraq Subject: [SECURITY] Current versions of seyon may contain malicious code
One year ago, we have received a report from SGI that a vulnerability has been discovered in the seyon program which can lead to a root compromise. Any user who can execute the seyon program can exploit this vulnerability.
However, the license of Seyon doesn't permit us to provide a fix, now is the Seyon author responsive, nor do we have a patch, nor do we know an exploit and can't develop a fixe therefore.
We recommend you switch to minicom instead.
The maintainer of Seyon told us the following:
I notice from reading the SGI announcement that their problem is a root exploit because of a setuid Seyon. The Seyon we ship is not setuid, so I doubt we'll have a serious problem.
Debian GNU/Linux . Security Managers . firstname.lastname@example.org
Christian Hudon . Wichert Akkerman . Martin Schulze
|Page 1 of 1|