Seyon vulnerability - IRIX

Shawn Hillis (shillis@CLCSMAIL.KSC.NASA.GOV)
Tue, 17 Jun 1997 11:16:54 -0400

I am kinda surprised that I haved seen anything come across about this
on bugtraq. I searched the archives and only found one reference for
seyon and that was on linux. So, even tho' I looked, I apologize if
this is old news.

Anyway, seyon is a telecommunications package for the X Window System
and I believe that it is freeware. It seems that when seyon starts, it
tries to execute 'seyon-emu'. When it fails to find that, it opens an
xterm instead. Unfortunately, it opens xterm and not
/usr/bin/X11/xterm. That's right, another relative path call.

I'm not sure if seyon actually needs to be setuid to root to work or
not, but it seems to be commonly installed that way. I tested it on
Irix 6.3 and it will give you euid=0 easily enough.

--
--------------------------------------------------------------
Shawn Hillis                    Network Engineer
Lockheed-Martin                 shillis@clcsmail.ksc.nasa.gov
KSC                             Phone: (407) 861-2229