Nmap Security Scanner
*Intro
*Ref Guide
*Install Guide
*Download
*Changelog
*Book
*Docs
Security Lists
*Nmap Hackers
*Nmap Dev
*Bugtraq
*Full Disclosure
*Pen Test
*Basics
*More
Security Tools
*Pass crackers
*Sniffers
*Vuln Scanners
*Web scanners
*Wireless
*Exploitation
*Packet crafters
*More
Site News
Site Search:
Exploit World
Advertising
About/Contact
Credits
Sponsors:
edgeos



Full Disclosure: Re: screen 4.0.3 local Authentication Bypass

Re: screen 4.0.3 local Authentication Bypass

From: Lolek of TK53 <lolek1337_at_googlemail.com>
Date: Mon, 4 Jun 2007 19:00:38 +0200

Hi,
On 6/4/07, rembrandt_at_jpberlin.de <rembrandt_at_jpberlin.de> wrote:
> Please take a look at the Attachement dear List moderator. :)
...
> It has been tested on OpenBSD 4.1 + screen 4.0.3 on x86.
>
> How to reproduce:
>
> Lock screen using ctrl+x
> Choose a Password
> Confirm the Password
>
> Screen asks for a Password to unlock the screen.
> Just press ctrl+c and it displays "Getpass error".
> 2 seconds later the screen is unlocked and you`ve access.

This is not reproducable with screen 4.0.3 on a Linux system. Also
with looking at the code of screen I can see no vulnerability in this
context. Can you show some code that proves your claim?
If not I suggest to get a better operating system distributor ;)
Cheers
Lolek of TK53
P.S. It's ctrl-a x not ctrl-x

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/
Received on Jun 04 2007

[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]