Debian Security Advisory

seyon -- root compromise

Date Reported:
29 Aug 1998
Affected Packages:
Security database references:
No other external database security references currently available.
More information:

We have received a report from SGI that a vulnerability has been discovered in the seyon program. This can lead to a root compromise. Any user who can execute the seyon program can exploit this vulnerability.

Since SGI does not provide exploit information, we are unable to fix the problem. SGI provided such information only to recognized security response/incident/coordination organizations and bugtraq doesn't seem to be accepted. SGI doesn't develop patches to third party products, thus there is no chance for a quick fix.

Since a root compromise needs an executable that runs as root we tend to believe that this needs a setuid seyon. The Seyon package as provided with Debian GNU/Linux does not run setuid root.

Thus we doubt that the seyon package as provided with Debian GNU/Linux can be used to exploit root if you don't change the default behaviour.