[2341] in bugtraq

Re: security vulnerabilities in screen

daemon@ATHENA.MIT.EDU (Richard Bellingar)
Thu Nov 2 20:33:26 1995

Date:         Wed, 1 Nov 1995 16:14:16 -0500
Reply-To: Bugtraq List <BUGTRAQ@CRIMELAB.COM>
From: Richard Bellingar <ubellrj@LEXIS-NEXIS.COM>
X-To:         Bugtraq List <BUGTRAQ@CRIMELAB.COM>
To: Multiple recipients of list BUGTRAQ <BUGTRAQ@CRIMELAB.COM>
In-Reply-To:  <199510301815.KAA02826@hops.Stanford.EDU>

Stephen,
        The only screen-related security issues I have seen discussions on
centered around the "glare" potential; i.e., someone stealing an active
screen session or "recovering" a disconnected screen session, rather than
problems or exposures relating to the SUID nature of the tool. If you hear
something about SUID-exposures, please pass it along (I use screen _a lot_
when I can't get an X session...)

Thanks.

rick.bellingar@lexis-nexis.com
                                   ----+----
        Rick Bellingar, Staff Security Analyst, (513) 865-7005
        LEXIS-NEXIS, 9443 Springboro Pike, Miamisburg, Ohio 45342 (USA)

   -*-  Press on...persistence and determination alone are omnipotent  -*-

On Mon, 30 Oct 1995, Stephen E. Hansen wrote:

> Someone just sent me a note asking if I was aware of any security
> vulnerabilities in the program "screen" (it uses ptty's for multiple
> sessions and session reconnects).  He was concerned because it claims
> to need to be suid root to function properly.  I have a fuzzy memory
> of there being a security problem report about screen, but it was two or
> three years ago and I can't find it in my e-mail archive.
>
> Can anyone out there verify that a problem exists or that a patched
> version is available?
>
> Thanks,
> Stephen Hansen
>
> --
> =-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=
>  Stephen E. Hansen - Computer Security Officer - security@Stanford.EDU
>   Room 319, Sweet Hall Stanford University, Stanford, CA 94305-3090
>   Phone: +1-415-723-2911    WWW: http://www.stanford.edu/~security
>   Fax:   +1-415-725-1548    PGP: finger security-pgp@netserver.Stanford.EDU
>
>   The church is near, but the road is icy.
>   The bar is far away, but I will walk carefully.  -- Russian Proverb
