A locally exploitable buffer overflow exists in GNU Screen. An exploit is publicly available for this vulnerability.
The Free Software Foundation describes GNU Screen as follows:
Screen is a full-screen window manager that multiplexes a physical terminal between several processes, typically interactive shells. Each virtual terminal provides the functions of the DEC VT100 terminal and, in addition, several control functions from the ANSI X3.64 (ISO 6429) and ISO 2022 standards (e.g., insert/delete line and support for multiple character sets). There is a scrollback history buffer for each virtual terminal and a copy-and-paste mechanism that allows the user to move text regions between windows. When screen is called, it creates a single window with a shell in it (or the specified command) and then gets out of your way so that you can use the program as you normally would. Then, at any time, you can create new (full-screen) windows with other programs in them (including more shells), kill the current window, view a list of the active windows, turn output logging on and off, copy text between windows, view the scrollback history, switch between windows, etc. All windows run their programs completely independent of each other. Programs continue to run when their window is currently not visible and even when the whole screen session is detached from the user's terminal.
Local users may be able to execute arbitrary code with elevated privileges.
Apply a patch from your vendor.
|Vendor|Status|
|---|---|
|Free Software Foundation|Affected|
|Apple Computer Inc.|Not Affected|
|Extreme Networks|Not Affected|
|Fujitsu|Not Affected|
|Hitachi|Not Affected|
|Openwall GNU/*/Linux|Not Affected|
|Red Hat Inc.|Not Affected|
|SCO|Not Affected|
|SuSE Inc.|Not Affected|
|Xerox Corporation|Not Affected|
|Cisco Systems Inc.|Unknown|
|Computer Associates|Unknown|
|Cray Inc.|Unknown|
|D-Link Systems|Unknown|
|Data General|Unknown|
|F5 Networks|Unknown|
|Foundry Networks Inc.|Unknown|
|Hewlett-Packard Company|Unknown|
|IBM eServer|Unknown|
|Ingrian Networks|Unknown|
|Juniper Networks|Unknown|
|Lotus Software|Unknown|
|Lucent Technologies|Unknown|
|Microsoft Corporation|Unknown|
|MontaVista Software|Unknown|
|Multi-Tech Systems Inc.|Unknown|
|NEC Corporation|Unknown|
|Network Appliance|Unknown|
|Nortel Networks|Unknown|
|Oracle Corporation|Unknown|
|Riverstone Networks|Unknown|
|Sony Corporation|Unknown|
|Sun Microsystems Inc.|Unknown|
|Wind River Systems Inc.|Unknown|
This vulnerability was discovered by Gobbles.
This document was written by Ian A. Finlay.
|Date First Published:|2003-05-30|
|Date Last Updated:|2003-07-14 18:17 UTC|