[16635] in bugtraq
Re: Screen local compromise
daemon@ATHENA.MIT.EDU (Valdis Kletnieks)
Thu Sep 7 12:43:26 2000
Mime-Version: 1.0
Content-Type: multipart/signed; boundary="==_Exmh_-880437448P";
micalg=pgp-sha1; protocol="application/pgp-signature"
Content-Transfer-Encoding: 7bit
Message-ID: <200009071339.e87Dd9014748@black-ice.cc.vt.edu>
Date: Thu, 7 Sep 2000 09:39:09 -0400
Reply-To: Valdis.Kletnieks@VT.EDU
From: Valdis Kletnieks <Valdis.Kletnieks@VT.EDU>
X-To: Paul Starzetz <paul@STARZETZ.DE>
To: BUGTRAQ@SECURITYFOCUS.COM
In-Reply-To: Your message of "Wed, 06 Sep 2000 18:28:58 +0200."
<39B670CA.E3835DCB@starzetz.de>
--==_Exmh_-880437448P
Content-Type: text/plain; charset=us-ascii
On Wed, 06 Sep 2000 18:28:58 +0200, Paul Starzetz <paul@STARZETZ.DE> said:
> it seems that Aix 4.2.x with screen 3.08.06beta (FAU) 18-Dec-96 is still
> vulnerable :-)
>
> -rwsr-xr-x 1 root system 396529 Jan 29 1997
> /usr/local/bin/screen-3.8.6
Note that this is *NOT* an AIX issue, as neither screen nor any sort of
/usr/local directory tree is shipped as part of AIX 4.2 or 4.3. The
sysadmin who installed screen needs to upgrade it to a non-vulnerable
version.
--
Valdis Kletnieks
Operating Systems Analyst
Virginia Tech
--==_Exmh_-880437448P
Content-Type: application/pgp-signature
-----BEGIN PGP SIGNATURE-----
Version: PGP 6.5.2
Comment: Exmh version 2.2 06/16/2000
iQA/AwUBObeafHAt5Vm009ewEQLRmACfXps7g1U5BWLMMzUzyCfDrF6K80kAnRJl
d9X52ZmpC1zOgHlzUDMhll1P
=/COF
-----END PGP SIGNATURE-----
--==_Exmh_-880437448P--
