Bugtraq mailing list archives
'screen' exploit errata: RHSA-2000:058-03
From: Dunnavant Crutcher <crutcher () REDHAT COM>
Date: Thu, 7 Sep 2000 15:59:38 -0400
Screen allows the user to overload the visual bell with a text message that can be set by the user. This text message is handled as a format string, instead of as a pure string, so maliciously written format strings are allowed to overwrite the stack. Since screen in Red Hat Linux 5.2 and earlier releases was setuid root, this security hole could be exploited to gain a root shell.

We are pushing an errata on this, that distributes a fixed RPM, screen-3.7.4-4.

The Errata Number is RHSA-2000:058-03

--
"I may be a monkey, but I'm a monkey with ambition!"
Crutcher Dunnavant <crutcher () redhat com>
Red Hat OS Development
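
Added example, not part of the original post and not screen's source code: the bug class the advisory describes, shown as a user-set message used as the format string next to the corrected form that passes it as data, plus a small audit helper. All function names and the sample messages are hypothetical and constructed for illustration.

```c
#include <stdio.h>
#include <string.h>

/* Hypothetical names; this is not code from screen. */

/* BEFORE: the user-set message is itself the format string, so any
 * conversion specifier in it makes snprintf consume arguments that
 * were never passed. GCC and clang report this line under
 * -Wformat-security; the pragma only lets the "before" form build. */
#pragma GCC diagnostic push
#pragma GCC diagnostic ignored "-Wformat-security"
int render_bell_unsafe(char *out, size_t n, const char *user_msg)
{
    return snprintf(out, n, user_msg);
}
#pragma GCC diagnostic pop

/* AFTER: constant format string, user text is only ever data. */
int render_bell_safe(char *out, size_t n, const char *user_msg)
{
    return snprintf(out, n, "%s", user_msg);
}

/* Audit helper: count conversion specifiers in an untrusted string.
 * "%%" is a literal percent sign and is not counted. */
int count_directives(const char *s)
{
    int count = 0;
    for (; *s; s++) {
        if (*s != '%')
            continue;
        if (s[1] == '%') { s++; continue; }
        count++;
    }
    return count;
}

int main(void)
{
    char buf[64];
    const char *msg = "Wuff %x%x";          /* constructed sample input */

    render_bell_safe(buf, sizeof buf, msg); /* specifiers stay literal */
    printf("safe output: %s\n", buf);
    printf("directives in message: %d\n", count_directives(msg));
    return 0;
}
```

The unsafe form is only well defined for messages with no specifiers, which is why `main` never calls it with the sample input.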