Current versions of seyon may contain malicious code
Posted by LinuxSecurity.com Team   
Debian One year ago, we have received a report from SGI that a vulnerability has been discovered in the seyon program which can lead to a root compromise. Any user who can execute the seyon program can exploit this vulnerability.
One year ago, we have received a report from SGI that a vulnerability
has been discovered in the seyon program which can lead to a root
compromise.  Any user who can execute the seyon program can exploit
this vulnerability.

However, the license of Seyon doesn't permit us to provide a fix, now
is the Seyon author responsive, nor do we have a patch, nor do we know
an exploit and can't develop a fixe therefore.

We recommend you switch to minicom instead.

The maintainer of Seyon told us the following:

     I notice from reading the SGI announcement that their problem is
     a root exploit because of a setuid Seyon.  The Seyon we ship is
     not setuid, so I doubt we'll have a serious problem.


--
Debian GNU/Linux    .    Security Managers    .    security@debian.org
              debian-security-announce@lists.debian.org
  Christian Hudon     .      Wichert Akkerman     .     Martin Schulze
   .      .