Bugtraq mailing list archives
Re: [SECURITY] Seyon is vulnerable to a root exploit
From: morisson () CRYOGEN COM (Bruno Morisson)
Date: Mon, 31 Aug 1998 19:34:32 +0100
Martin Schulze wrote:
Since SGI does not provide exploit information, we are unable to fix the problem. SGI provided such information only to recognized security response/incident/coordination organizations and bugtraq doesn't seem to be accepted. SGI doesn't develop patches to third party products, thus there is no chance for a quick fix.
The bug is in a command line argument to seyon. If you do root:~# seyon -noemulator <very long string (approximately 200 bytes)> it will overflow. Getting a shell is trivial (although it needs to regain previleges through a setreuid(0,0) for example, since seyon drops previleges), but we were unable to find any Linux distribution that shipped seyon suid root(at least not the latest slackware and redhat5.1, we had no access to others). It seems that in redhat 5.1 it is sgid uucp. We were able to exploit the bug, so in cases where seyon is suid root it is possible to get a root shell. Regards, Bruno Morisson and Marco Vaz
Current thread:
- Re: [SECURITY] Seyon is vulnerable to a root exploit Bruno Morisson (Aug 31)