screen buffer overflow

Christian Pearce pearcec at commnav.com
Wed Jan 7 18:38:53 UTC 2004


I updated the screen bug with a RedHat 8.0 package.  I added rh80 to the keywords.  I had to add the autoconf213 to the BuildRequires line.

I am working on the ethereal packages based on the RedHat 9 release.
--
Christian Pearce
http://www.commnav.com



"Christian Pearce" said:
> 
> Jason claimed testing the vulnerability was not trivial.  I am not certain.  We can come up with RedHat 8 packages.  I can put one together right now.
> 
> --
> Christian Pearce
> http://www.commnav.com
> 
> 
> 
> Jesse Keating said:
> > 
> > On Tuesday 06 January 2004 20:22, Jason wrote:
> > > The 7.3 rpms work for me.. I don't have a 7.2 box available to test
> > > that one.
> > >
> > > The default in 7.3 is to not suid the screen binary, so I think we're
> > > safe from privilege escalation (unless the user does it of their own
> > > volition).  But, I am a bit concerned with the idea that someone
> > > could hijack my screen session.  So, is this a patch we want to push?
> > > If so, we should patch the RH8 rpms as well.  RH hasn't yet released
> > > a patch for 9, though it has a vulnerable version.
> > 
> > Since I use screen daily on a 7.3 box, this is a fairly important one to 
> > me.  I'd like to see it fixed for 8 as well.  Hopefully I'll have a 7.2 
> > box up to test tonight although it may have to wait for a hard drive ):
> > 
> > Do you have a way of testing the overflow, or are we just testing 
> > functionality of screen once this patch is added?
> > 
> > -- 
> > Jesse Keating RHCE MCSE (geek.j2solutions.net)
> > Fedora Legacy Team      (www.fedora.us/wiki/FedoraLegacy)
> > Mondo DevTeam           (www.mondorescue.org)
> > GPG Public Key          (geek.j2solutions.net/jkeating.j2solutions.pub)
> >  
> > Was I helpful?  Let others know:
> >  http://svcs.affero.net/rm.php?r=jkeating
> 
> 
>




