screen buffer overflow
Jesse Keating
jkeating at j2solutions.net
Wed Jan 7 17:33:07 UTC 2004
On Tuesday 06 January 2004 20:22, Jason wrote:
> The 7.3 rpms work for me.. I don't have a 7.2 box available to test
> that one.
>
> The default in 7.3 is to not suid the screen binary, so I think we're
> safe from privilege escalation (unless the user does it of their own
> volition). But, I am a bit concerned with the idea that someone
> could hijack my screen session. So, is this a patch we want to push?
> If so, we should patch the RH8 rpms as well. RH hasn't yet released
> a patch for 9, though it has a vulnerable version.
Since I use screen daily on a 7.3 box, this is a fairly important one to
me. I'd like to see it fixed for 8 as well. Hopefully I'll have a 7.2
box up to test tonight although it may have to wait for a hard drive ):
Do you have a way of testing the overflow, or are we just testing
functionality of screen once this patch is added?
--
Jesse Keating RHCE MCSE (geek.j2solutions.net)
Fedora Legacy Team (www.fedora.us/wiki/FedoraLegacy)
Mondo DevTeam (www.mondorescue.org)
GPG Public Key (geek.j2solutions.net/jkeating.j2solutions.pub)
Was I helpful? Let others know:
http://svcs.affero.net/rm.php?r=jkeating