FreeBSD contains the port seyon, which is flawed and may allow a malicious user to gain access to unauthorized privileges. The issue is triggered when a malicious user places a fake "seyon-emu" or "xterm" in a newly created directory and sets its PATH. Envoking seyon will cause seyon to search the value in $PATH for "xterm" and "seyon-emu" and once it locates either one, the fake will be executed by seyon with seyon privileges. This flaw may lead to a loss of integrity.

Currently, there are no known upgrades or patches to correct this issue. It is possible to correct the flaw by implementing the following workaround: chmod 750 `which seyon` and add selected users to the "dialer" group.

• Related OSVDB ID: 1149
• Exploit Database: 19609
• CVE ID: 1999-0820 (see also: NVD)
• ISS X-Force ID: 3483
• Bugtraq ID: 780
• Mail List Post: http://archives.neohapsis.com/archives/bugtraq/1999-q3/1542.html
  http://archives.neohapsis.com/archives/bugtraq/1999-q3/1552.html
  http://archives.neohapsis.com/archives/bugtraq/1999-q3/1561.html
  http://archives.neohapsis.com/archives/bugtraq/1999-q4/0148.html

• Brock Tellier - btellierwebley.com -