[Full-disclosure] screen 4.0.3 local Authentication Bypass
- To: full-disclosure@xxxxxxxxxxxxxxxxx
- Subject: [Full-disclosure] screen 4.0.3 local Authentication Bypass
- From: rembrandt@xxxxxxxxxxx
- Date: Mon, 4 Jun 2007 05:36:31 +0200 (CEST)
Please take a look at the attachment, dear list moderator. :)
Kind regards,
Rembrandt
Helith - 0815
--------------------------------------------------------------------------------
Author: Rembrandt
Date: Known since somewhere in &cant_remember
Affected Software: screen <= 4.0.3
Type: Local
Type: Authentication Bypass
Greets go to: Helith and all affiliated People, t3c0, levent, str0ke,
hdm, The EOF-Crew, rrlf, herm1t, Solar Designer, softxor,
Packetstorm, FeFe, kscope, Zarathu, f0rg3, Mr. Joern Alles
Disrespect goes to: A Bank [/]
And others included into this case...
Personal note: I wanna get MY STUFF BACK!
This is the last "diplomatic" attempt made directly.
Contact me if you're interested in a de-escalation.
Nobody is interested in making things even more complicated,
or? So make your choice. And you better hurry...
And this is no blackmailing attempt, but others may decide for you
if you don't do it.
IMPORTANT: Turn your brain "ON" this time.
--------------------------------------------------------------------------------
I didn't find an Adv. related to this, so I decided to write one. :]
screen is vulnerable to an authentication bypass which allows local attackers
to gain system access in case screen was locked with a password.
It has been tested on OpenBSD 4.1 + screen 4.0.3 on x86.
How to reproduce:
Lock screen using ctrl+x
Choose a Password
Confirm the Password
Screen asks for a Password to unlock the screen.
Just press ctrl+c and it displays "Getpass error".
2 seconds later the screen is unlocked and you have access.
Have fun!
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/
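The report above describes a lock that is released after the password prompt fails ("Getpass error"). As an added illustration of the fail-closed pattern a locker needs (not screen's code and not part of the original post; the callback type, `scripted_prompt` and the sample entries are hypothetical and constructed here), a prompt error is counted as a failed attempt and can never unlock:

```c
#include <stdio.h>
#include <string.h>

enum prompt_rc { PROMPT_OK, PROMPT_ERROR };
/* Hypothetical prompt callback: fills buf, or returns PROMPT_ERROR when the
 * read fails (interrupted by a signal, EOF on the terminal, ...). */
typedef enum prompt_rc (*prompt_fn)(char *buf, size_t len, void *ctx);

/* Compare without an early exit, so timing does not depend on the match. */
static int ct_equal(const char *a, const char *b, size_t n) {
    unsigned char diff = 0;
    for (size_t i = 0; i < n; i++) diff |= (unsigned char)(a[i] ^ b[i]);
    return diff == 0;
}

/* Returns 1 only when a prompt succeeded AND the entry matched. A prompt
 * error is a failed attempt and never a reason to leave the locked state.
 * max_tries only bounds this example; a real locker keeps prompting. */
int unlock_fail_closed(const char *secret, prompt_fn prompt, void *ctx, int max_tries) {
    char buf[128];
    size_t slen = strlen(secret);
    for (int i = 0; i < max_tries; i++) {
        memset(buf, 0, sizeof buf);
        if (prompt(buf, sizeof buf, ctx) != PROMPT_OK)
            continue;                      /* error: stay locked, ask again */
        if (strlen(buf) == slen && ct_equal(buf, secret, slen))
            return 1;
    }
    return 0;                              /* still locked */
}

/* Constructed stand-in for the terminal: a NULL entry simulates an
 * interrupted prompt, any other entry is what the user typed. */
struct script { const char **entries; int pos; };
static enum prompt_rc scripted_prompt(char *buf, size_t len, void *ctx) {
    struct script *s = ctx;
    const char *e = s->entries[s->pos++];
    if (e == NULL) return PROMPT_ERROR;
    strncpy(buf, e, len - 1);              /* buf was zeroed, stays terminated */
    return PROMPT_OK;
}

int run_script(const char *secret, const char **entries, int n) {
    struct script s = { entries, 0 };
    return unlock_fail_closed(secret, scripted_prompt, &s, n);
}

int main(void) {
    const char *interrupted[] = { NULL, NULL, NULL };   /* constructed input */
    printf("interrupted prompts -> unlocked=%d\n", run_script("s3cret", interrupted, 3));
    return 0;
}
```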