SkipNavigation
Home | FAQ | Contact | Privacy Policy
US-CERT
American Flag
  Vulnerability
Notes
Database

Search Vulnerability Notes

Vulnerability Notes Help Information


 
 View Notes By
  Name

ID Number

CVE Name

Date Public

Date Published

Date Updated

Severity Metric
 Other Documents
  Technical Alerts

Technical Bulletins

Alerts

Security Tips

Vulnerability Note VU#524227

GNU screen contains buffer overflow

Overview

A locally exploitable buffer overflow exists in GNU screen. An exploit is publicly available for this vulnerability.

I. Description

The Free Software Foundation describes GNU Screen as follows:

    Screen is a full-screen window manager that multiplexes a physical terminal between several processes, typically interactive shells. Each virtual terminal provides the functions of the DEC VT100 terminal and, in addition, several control functions from the ANSI X3.64 (ISO 6429) and ISO 2022 standards (e.g., insert/delete line and support for multiple character sets). There is a scrollback history buffer for each virtual terminal and a copy-and-paste mechanism that allows the user to move text regions between windows. When screen is called, it creates a single window with a shell in it (or the specified command) and then gets out of your way so that you can use the program as you normally would. Then, at any time, you can create new (full-screen) windows with other programs in them (including more shells), kill the current window, view a list of the active windows, turn output logging on and off, copy text between windows, view the scrollback history, switch between windows, etc. All windows run their programs completely independent of each other. Programs continue to run when their window is currently not visible and even when the whole screen session is detached from the users terminal.

The buffer overflow exists in GNU Screen's braille module. According to the GNU Screen maintainers, this buffer overflow is only exploitable if HAVE_BRAILLE is defined in config.h.

II. Impact

Local users may be able to execute arbitrary code with elevated privileges.

III. Solution

Apply a patch from your vendor.

Systems Affected

VendorStatusDate NotifiedDate Updated
3ComUnknown30-May-2003
AlcatelUnknown30-May-2003
Apple Computer Inc.Not Vulnerable2-Jun-2003
AT&TUnknown30-May-2003
AvayaUnknown30-May-2003
BSDIUnknown30-May-2003
Cisco Systems Inc.Unknown30-May-2003
Computer AssociatesUnknown30-May-2003
ConectivaUnknown30-May-2003
Cray Inc.Unknown30-May-2003
D-Link SystemsUnknown30-May-2003
Data GeneralUnknown30-May-2003
DebianVulnerable30-May-2003
EngardeUnknown30-May-2003
Extreme NetworksNot Vulnerable10-Jun-2003
F5 NetworksUnknown30-May-2003
Foundry Networks Inc.Unknown30-May-2003
Free Software FoundationVulnerable30-May-2003
FreeBSDUnknown30-May-2003
FujitsuNot Vulnerable17-Jun-2003
Hewlett-Packard CompanyUnknown30-May-2003
HitachiNot Vulnerable11-Jun-2003
IBMUnknown30-May-2003
IBM eServerUnknown24-Jun-2003
Ingrian NetworksUnknown30-May-2003
IntelUnknown30-May-2003
Juniper NetworksUnknown30-May-2003
LachmanUnknown30-May-2003
Lotus SoftwareUnknown30-May-2003
Lucent TechnologiesUnknown30-May-2003
MandrakeSoftUnknown30-May-2003
Microsoft CorporationUnknown30-May-2003
MontaVista SoftwareUnknown30-May-2003
Multi-Tech Systems Inc.Unknown30-May-2003
MultinetUnknown30-May-2003
NEC CorporationUnknown30-May-2003
NetBSDUnknown30-May-2003
NetscreenUnknown30-May-2003
Network ApplianceUnknown30-May-2003
NeXTUnknown30-May-2003
NokiaUnknown30-May-2003
Nortel NetworksUnknown30-May-2003
OpenBSDUnknown30-May-2003
Openwall GNU/*/LinuxNot Vulnerable2-Jun-2003
Oracle CorporationUnknown30-May-2003
Red Hat Inc.Not Vulnerable2-Jun-2003
Riverstone NetworksUnknown30-May-2003
SCONot Vulnerable10-Jun-2003
SequentUnknown30-May-2003
SGIUnknown30-May-2003
Sony CorporationUnknown30-May-2003
Sun Microsystems Inc.Unknown30-May-2003
SuSE Inc.Not Vulnerable3-Jun-2003
UnisysUnknown30-May-2003
Wind River Systems Inc.Unknown30-May-2003
WirexUnknown30-May-2003
Xerox CorporationNot Vulnerable14-Jul-2003
ZyXELUnknown30-May-2003

References


http://groups.yahoo.com/group/gnu-screen/message/981
http://groups.yahoo.com/group/gnu-screen/message/980
http://www.gnu.org/software/screen/screen.html
http://www.securityfocus.com/bid/4578

Credit

This vulnerability was discovered by Gobbles.

This document was written by Ian A. Finlay.

Other Information

Date Public:2002-04-23
Date First Published:2003-05-30
Date Last Updated:2003-07-14
CERT Advisory: 
CVE-ID(s): 
NVD-ID(s): 
US-CERT Technical Alerts: 
Metric:24.58
Document Revision:9

If you have feedback, comments, or additional information about this vulnerability, please send us email.
 

 
Page Corner Image
Copyright 2003 Carnegie Mellon University
Disclaimers and copyright information
Get Adobe Reader Get Adobe Reader