[32626] in bugtraq

home	help	back	first	fref	pref	prev	next	nref	lref	last	post

Re: GNU screen buffer overflow

daemon@ATHENA.MIT.EDU (Mariusz Woloszyn)
Mon Dec 1 12:36:33 2003

Date: Mon, 1 Dec 2003 12:41:16 +0100 (CET)
From: Mariusz Woloszyn <emsi@ipartners.pl>
To: Timo Sirainen <tss@iki.fi>
Cc: bugtraq@securityfocus.com
In-Reply-To: <1069896544.14196.46.camel@hurina>
Message-ID: <Pine.LNX.4.58.0312011239350.2263@dzyngiel.ipartners.pl>
MIME-Version: 1.0
Content-Type: TEXT/PLAIN; charset=ISO-8859-2
Content-Transfer-Encoding: 8BIT

On Thu, 27 Nov 2003, Timo Sirainen wrote:

> Buffer overflow in GNU screen allows privilege escalation for local users.
> Usually screen is installed either setgid-utmp or setuid-root.
>
With devpts and libutempter it is possible to install fully functional
screen without suid/sgid.

-- 
Mariusz Wołoszyn
Internet Security Specialist, GTS - Internet Partners

home	help	back	first	fref	pref	prev	next	nref	lref	last	post