Originally Published: Saturday, 21 August 1999 Author: Quentin Cregan
Published to: news_enhance_security/Security News Page: 1/1 - [Printable]

Debian Security Team recommendation to avoid Seyon

In a post to BugTraq today, the Debian team suggested to avoid using Seyon for fear of a possible root compromise.

   Page 1 of 1  

To: BugTraq Subject: [SECURITY] Current versions of seyon may contain malicious code

One year ago, we have received a report from SGI that a vulnerability has been discovered in the seyon program which can lead to a root compromise. Any user who can execute the seyon program can exploit this vulnerability.

However, the license of Seyon doesn't permit us to provide a fix, now is the Seyon author responsive, nor do we have a patch, nor do we know an exploit and can't develop a fixe therefore.

We recommend you switch to minicom instead.

The maintainer of Seyon told us the following:

I notice from reading the SGI announcement that their problem is a root exploit because of a setuid Seyon. The Seyon we ship is not setuid, so I doubt we'll have a serious problem.

-- Debian GNU/Linux . Security Managers . security@debian.org debian-security-announce@lists.debian.org Christian Hudon . Wichert Akkerman . Martin Schulze . .

   Page 1 of 1