Date: Thu, 19 Aug 1999 22:12:17 +0200 From: Martin Schulze <joey@finlandia.Infodrom.North.DE> To: Debian Security Announcements <debian-security-announce@lists.debian.org> Subject: [SECURITY] Current versions of seyon may contain malicious code --FcSpk3Icpd/Pbul4 Content-Type: text/plain; charset=us-ascii One year ago, we have received a report from SGI that a vulnerability has been discovered in the seyon program which can lead to a root compromise. Any user who can execute the seyon program can exploit this vulnerability. However, the license of Seyon doesn't permit us to provide a fix, now is the Seyon author responsive, nor do we have a patch, nor do we know an exploit and can't develop a fixe therefore. We recommend you switch to minicom instead. The maintainer of Seyon told us the following: I notice from reading the SGI announcement that their problem is a root exploit because of a setuid Seyon. The Seyon we ship is not setuid, so I doubt we'll have a serious problem. -- Debian GNU/Linux . Security Managers . security@debian.org debian-security-announce@lists.debian.org Christian Hudon . Wichert Akkerman . Martin Schulze <chrish@debian.org> . <wakkerma@debian.org> . <joey@debian.org> --FcSpk3Icpd/Pbul4 Content-Type: application/pgp-signature -----BEGIN PGP SIGNATURE----- Version: 2.6.3ia iQCVAwUBN7xlIBRNm5Suj3z1AQGe+AP/Vi5ujmQOO678or6aA2vbeBMdoV7ka9U4 I6R4bDkB2PgHqPI0cn0pNKaGedJSFTitswnbs47cbTebKeRmV8gaxtK2kBQiO7kt II0GG5nk26YyP/c3EVlttEdtHIWbixILnsl9s3bI0fDhBUiByK6I18SCwSPlJWH4 Bi+YQJXRemY= =mIOA -----END PGP SIGNATURE----- --FcSpk3Icpd/Pbul4-- -- To UNSUBSCRIBE, email to debian-security-announce-request@lists.debian.org with a subject of "unsubscribe". Trouble? Contact listmaster@lists.debian.org