COMMAND
	    seyon
SYSTEMS AFFECTED
	    FreeBSD 3.3
PROBLEM
	    Brock  Tellier  found  following.    It  was  tested  on   FreeBSD
	    3.3-RELEASE.   The program  was installed  with the  default perms
	    given when unpacked with sysinstall:
	
	        -rwxr-sr-x 1 bin dialer 88480 Sep 11 00:55 /usr/X11R6/bin/seyon
	
	    To  summarize:  Seyon  was  supposedly  not  meant  to  run   with
	    additional privileges.  There are numerous problems with seyon and
	    Brock probably not found all of them.  They are:
	    Buffer Overflows
	    ================
	    1. $HOME
	    2. seyon -emulator $BUF
	    3. seyon -modems $BUF
	    4. many long text box input string overflows while in program
	    Input Validation:
	    =================
	    1. seyon will  search $PATH for  "xterm" and "seyon-emu"  and exec
	       with fullprivs (as noted in previous advisory)
	    2. seyon -emulator /program/to/execute/with/full/privs
	    These privileges might be upgradable to root if you are able to a)
	    trojan  a  dialer-writable  file  or  b)  use  a symlink attack to
	    clobber .rhosts or similar c. snoop device i/o.
	    Brock did not written buffer overflow exploits for Seyon since  an
	    equivalent-yield program execution vulnerability exists, but it is
	    certianly possible.  The latter exploit is:
	
	        seyon -emulator /program/to/execute
	
	    Note that you'll  have to execute  a program that  will ignore the
	    args that seyon passes to it automatically as shown:
	
	        bash-2.03$ echo 'void main() { system("/usr/bin/id"); }' > id.c
	        bash-2.03$ gcc -o id id.c
	        bash-2.03$ seyon -emulator ./id
	        uid=1000(xnec) gid=1000(xnec) egid=68(dialer) groups=68(dialer), 1000(xnec)
	
SOLUTION
	    Remove suid bit...  Latest seyon should fix that.