Bugtraq mailing list archives

'screen' exploit errata: RHSA-2000:058-03
From: Dunnavant Crutcher <crutcher () REDHAT COM>
Date: Thu, 7 Sep 2000 15:59:38 -0400

Screen allows the user to overload the visual bell with a text message
that can be set by the user. This text message is handled as a format string,
instead of as a pure string, so maliciously written format strings are
allowed to overwrite the stack. Since screen in Red Hat Linux 5.2 and
earlier releases was setuid root, this security hole could be exploited
to gain a root shell.

We are pushing an errata on this that distributes a fixed RPM.
The Errata Number is RHSA-2000:058-03.
"I may be a monkey,     Crutcher Dunnavant
 but I'm a monkey       <crutcher () redhat com>
 with ambition!"        Red Hat OS Development
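
The bug class described in the message, shown as an added example that is not part of the original post and is not screen's source: `status_msg`, `bell_unsafe`, `bell_safe` and `has_conversion` are hypothetical names, and the sample bell text is constructed. It contrasts passing user-set text as the format with passing it as data, and adds a small audit check for directives in such text.

```c
#include <stdarg.h>
#include <stdio.h>
#include <string.h>

/* Hypothetical printf-style status-line routine (assumed name/signature). */
static int status_msg(char *out, size_t n, const char *fmt, ...)
{
    va_list ap;
    va_start(ap, fmt);
    int len = vsnprintf(out, n, fmt, ap);
    va_end(ap);
    return len;
}

/* BUG: the user-set bell text is used as the format string, so every '%'
 * in it is interpreted as a directive by the formatting code. */
static int bell_unsafe(char *out, size_t n, const char *user_bell)
{
    return status_msg(out, n, user_bell);
}

/* FIX: constant format; the user text is only ever an argument (data). */
static int bell_safe(char *out, size_t n, const char *user_bell)
{
    return status_msg(out, n, "%s", user_bell);
}

/* Audit check: 1 if s holds a '%' that printf-style code would treat as a
 * conversion (anything other than the literal escape "%%"), else 0. */
static int has_conversion(const char *s)
{
    for (; *s; s++) {
        if (*s != '%') continue;
        if (s[1] == '%') { s++; continue; }
        return 1;
    }
    return 0;
}

int main(void)
{
    char buf[64];
    const char *bell = "build 100%% done";   /* constructed sample input */
    bell_unsafe(buf, sizeof buf, bell); printf("unsafe: [%s]\n", buf);
    bell_safe(buf, sizeof buf, bell);   printf("safe:   [%s]\n", buf);
    printf("needs review: %d\n", has_conversion("bell in %d"));
    return 0;
}
```

The unsafe path rewrites the user's text (the doubled percent sign collapses to one) while the safe path reproduces it byte for byte, which is the difference between a format string and a pure string.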
