Bugtraq mailing list archives
Seyon vulnerability - IRIX
From: shillis () CLCSMAIL KSC NASA GOV (Shawn Hillis)
Date: Tue, 17 Jun 1997 11:16:54 -0400
I am kinda surprised that I haved seen anything come across about this
on bugtraq. I searched the archives and only found one reference for
seyon and that was on linux. So, even tho' I looked, I apologize if
this is old news.
Anyway, seyon is a telecommunications package for the X Window System
and I believe that it is freeware. It seems that when seyon starts, it
tries to execute 'seyon-emu'. When it fails to find that, it opens an
xterm instead. Unfortunately, it opens xterm and not
/usr/bin/X11/xterm. That's right, another relative path call.
I'm not sure if seyon actually needs to be setuid to root to work or
not, but it seems to be commonly installed that way. I tested it on
Irix 6.3 and it will give you euid=0 easily enough.
--
--------------------------------------------------------------
Shawn Hillis Network Engineer
Lockheed-Martin shillis () clcsmail ksc nasa gov
KSC Phone: (407) 861-2229
Current thread:
- Wrapper v2 released Joe Zbiciak (Jun 15)
- Netscape Admin Servers /tmp/deamonstat Yucel (Jun 17)
- Netscape Admin Servers *not vulnerable* Marcin Cieslak (Jun 17)
- Security hole in MajorCool 1.0.3 Benjamin J Stassart (Jun 18)
- ANNOUNCE: qmail Security Challenge Dave Sill (Jun 18)
- Seyon vulnerability - IRIX Shawn Hillis (Jun 17)
- Netscape Admin Servers /tmp/deamonstat Yucel (Jun 17)