Bugtraq: Re: GNU screen buffer overflow

Nmap Security Scanner

Intro

Ref Guide

Install Guide

Download

Changelog

Book

Docs
Security Lists

Bugtraq

Basics

More
Security Tools

More
Site News
Site Search:
Exploit World
Advertising
About/Contact
Credits
Sponsors:

Bugtraq mailing list archives

Re: GNU screen buffer overflow

From: Kyle Sallee <cromwell () metalab unc edu>
Date: Mon, 1 Dec 2003 16:48:38 -0500 (EST)

On Mon, 1 Dec 2003, Mariusz Woloszyn wrote:

On Thu, 27 Nov 2003, Timo Sirainen wrote:

Buffer overflow in GNU screen allows privilege escalation for local users.
Usually screen is installed either setgid-utmp or setuid-root.

With devpts and libutempter it is possible to install fully functional
screen without suid/sgid.


Does that mean any program that links with libutempter gains
complete suid/sgid root functionality, or only when executing 
the functions in the libutempter library, please?

By Date By Thread

Current thread:

Re: GNU screen buffer overflow Mariusz Woloszyn (Dec 01)
- Re: GNU screen buffer overflow Kyle Sallee (Dec 03)
  - Re: GNU screen buffer overflow Pavel Kankovsky (Dec 03)
    - Re: GNU screen buffer overflow Casper Dik (Dec 03)