FreeBSD seyon Multiple Argument HOME Variable Local Overflow
Local Access Required
Loss of Integrity
A local overflow exists in seyon, a FreeBSD port. The X11 communications program fails to validate input supplied through the HOME environment variable, the -emulator argument, the -modems argument, or the GUI, resulting in a buffer overflow. With a specially crafted request, an attacker can gain the privileges of seyon, resulting in a loss of integrity.
Currently, there are no known upgrades or patches to correct this issue. It is possible to correct the flaw by implementing the following workaround: chmod 750 `which seyon` and add selected users to the "dialer" group.
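
A check that the workaround is actually in place, added here as an example and not part of the original advisory. chmod 750 only limits execution to the file's owner and group, so the check also verifies group ownership; the function name check_seyon_workaround is hypothetical, and "dialer" as the binary's owning group is an assumption taken from the group named above.

```shell
#!/bin/sh
# Added example: audit the seyon workaround (mode 750, restricted group).
# Usage: check_seyon_workaround PATH [GROUP]
# Returns 0 if the workaround is in place, 1 if not, 2 if PATH is missing.
# Assumption: the binary's group should be "dialer", per the advisory text.

check_seyon_workaround() {
    bin=$1
    want_group=${2:-dialer}

    [ -f "$bin" ] || { echo "not found: $bin" >&2; return 2; }

    # POSIX "ls -l" layout: field 1 is the mode string, field 4 the group.
    info=$(ls -ld "$bin")
    mode=${info%% *}
    group=$(printf '%s\n' "$info" | awk '{print $4}')

    rc=0
    # Exactly rwxr-x---: no world access and no setuid/setgid bit
    # (a set-id bit would show as "s" in place of an "x").
    # The trailing * tolerates an ACL or label marker such as "+" or ".".
    case $mode in
        -rwxr-x---*) ;;
        *) echo "$bin: mode $mode, expected -rwxr-x--- (750)" >&2; rc=1 ;;
    esac

    # Mode 750 is only as restrictive as the group it grants execute to.
    if [ "$group" != "$want_group" ]; then
        echo "$bin: group $group, expected $want_group" >&2
        rc=1
    fi

    return $rc
}

# Audit the installed binary if there is one on this host.
if command -v seyon >/dev/null 2>&1; then
    check_seyon_workaround "$(command -v seyon)" \
        && echo "seyon: workaround in place" \
        || echo "seyon: workaround NOT in place"
fi
```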