Nmap Security Scanner

Intro

Ref Guide

Install Guide

Download

Changelog

Book

Docs
Security Lists

Bugtraq

Basics

More
Security Tools

More
Site News
Site Search:
Exploit World
Advertising
About/Contact
Credits
Sponsors:

Bugtraq: Re: GNU screen buffer overflow

Re: GNU screen buffer overflow

From: Mariusz Woloszyn <emsi_at_ipartners.pl>
Date: Mon, 1 Dec 2003 12:41:16 +0100 (CET)

On Thu, 27 Nov 2003, Timo Sirainen wrote:

> Buffer overflow in GNU screen allows privilege escalation for local users.
> Usually screen is installed either setgid-utmp or setuid-root.
>
With devpts and libutempter it is possible to install fully functional
screen without suid/sgid.

-- 
Mariusz Wołoszyn
Internet Security Specialist, GTS - Internet Partners

Received on Dec 01 2003

This message: [ Message body ]
Next message: Luigi Auriemma: "Surfboard <= 1.1.8 vulns"
Previous message: S-Quadra Security Research: "Virtual Programming VP-ASP Shopping Cart 5.0 multiple SQL Injection Vulnerabilities"
Next in thread: Kyle Sallee: "Re: GNU screen buffer overflow"
Reply: Kyle Sallee: "Re: GNU screen buffer overflow"

Contemporary messages sorted: [ by date ] [ by thread ] [ by subject ] [ by author ] [ by messages with attachments ]