screen buffer overflow

Jason rohwedde at codegrinder.com
Wed Jan 7 19:16:07 UTC 2004


Testing requires sending about 2-3GB of escaped semicolons to screen..
and then inserting executable code into the right location in memory to
take advantage.. I haven't seen a published bit of exploit code for it.

I'm fine with just functional testing, the patch is very straightforward
if you'd like to take a look.

-j

On Wed, Jan 07, 2004 at 09:33:07AM -0800, Jesse Keating wrote:
> On Tuesday 06 January 2004 20:22, Jason wrote:
> > The 7.3 rpms work for me.. I don't have a 7.2 box available to test
> > that one.
> >
> > The default in 7.3 is to not suid the screen binary, so I think we're
> > safe from privilege escalation (unless the user does it of their own
> > volition).  But, I am a bit concerned with the idea that someone
> > could hijack my screen session.  So, is this a patch we want to push?
> > If so, we should patch the RH8 rpms as well.  RH hasn't yet released
> > a patch for 9, though it has a vulnerable version.
> 
> Since I use screen daily on a 7.3 box, this is a fairly important one to 
> me.  I'd like to see it fixed for 8 as well.  Hopefully I'll have a 7.2 
> box up to test tonight although it may have to wait for a hard drive ):
> 
> Do you have a way of testing the overflow, or are we just testing 
> functionality of screen once this patch is added?
> 
> -- 
> Jesse Keating RHCE MCSE (geek.j2solutions.net)
> Fedora Legacy Team      (www.fedora.us/wiki/FedoraLegacy)
> Mondo DevTeam           (www.mondorescue.org)
> GPG Public Key          (geek.j2solutions.net/jkeating.j2solutions.pub)
>  
> Was I helpful?  Let others know:
>  http://svcs.affero.net/rm.php?r=jkeating



More information about the fedora-legacy-list mailing list