Bugtraq mailing list archives
Seyon vulnerability - IRIX
From: shillis () CLCSMAIL KSC NASA GOV (Shawn Hillis)
Date: Tue, 17 Jun 1997 11:16:54 -0400
I am kinda surprised that I haved seen anything come across about this on bugtraq. I searched the archives and only found one reference for seyon and that was on linux. So, even tho' I looked, I apologize if this is old news. Anyway, seyon is a telecommunications package for the X Window System and I believe that it is freeware. It seems that when seyon starts, it tries to execute 'seyon-emu'. When it fails to find that, it opens an xterm instead. Unfortunately, it opens xterm and not /usr/bin/X11/xterm. That's right, another relative path call. I'm not sure if seyon actually needs to be setuid to root to work or not, but it seems to be commonly installed that way. I tested it on Irix 6.3 and it will give you euid=0 easily enough. -- -------------------------------------------------------------- Shawn Hillis Network Engineer Lockheed-Martin shillis () clcsmail ksc nasa gov KSC Phone: (407) 861-2229
Current thread:
- Wrapper v2 released Joe Zbiciak (Jun 15)
- Netscape Admin Servers /tmp/deamonstat Yucel (Jun 17)
- Netscape Admin Servers *not vulnerable* Marcin Cieslak (Jun 17)
- Security hole in MajorCool 1.0.3 Benjamin J Stassart (Jun 18)
- ANNOUNCE: qmail Security Challenge Dave Sill (Jun 18)
- Seyon vulnerability - IRIX Shawn Hillis (Jun 17)
- Netscape Admin Servers /tmp/deamonstat Yucel (Jun 17)