[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: GNU screen buffer overflow

To: Timo Sirainen <tss@iki.fi>
Subject: Re: GNU screen buffer overflow
From: Mariusz Woloszyn <emsi@ipartners.pl>
Date: Mon, 1 Dec 2003 12:41:16 +0100 (CET)

On Thu, 27 Nov 2003, Timo Sirainen wrote:

> Buffer overflow in GNU screen allows privilege escalation for local users.
> Usually screen is installed either setgid-utmp or setuid-root.
>
With devpts and libutempter it is possible to install fully functional
screen without suid/sgid.

-- 
Mariusz Wołoszyn
Internet Security Specialist, GTS - Internet Partners

Follow-Ups:
- Re: GNU screen buffer overflow
  - From: Kyle Sallee <cromwell@metalab.unc.edu>

Prev by Date: Surfboard <= 1.1.8 vulns
Next by Date: Virtual Programming VP-ASP Shopping Cart 5.0 multiple SQL Injection Vulnerabilities
Previous by thread: Surfboard <= 1.1.8 vulns
Next by thread: Re: GNU screen buffer overflow
Index(es):
- Date
- Thread