screen buffer overflow

Jason rohwedde at codegrinder.com
Wed Jan 7 04:22:13 UTC 2004


Currently entered into the bugzilla at:
https://bugzilla.fedora.us/show_bug.cgi?id=1187

I'm curious whether the community thinks this is a necessary patch?
Thanks.

-jason

---------------------------------------------------------------------

Patched SRPMS for screen buffer overflow

Details at:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2003-0972
http://marc.theaimsgroup.com/?l=bugtraq&m=106995837813873&w=2

RH 7.3 https://mail.codegrinder.com/www/screen-3.9.11-4.legacy.src.rpm
RH 7.2 https://mail.codegrinder.com/www/screen-3.9.9-4.legacy.src.rpm
MD5SUM https://mail.codegrinder.com/www/screen-md5sums.asc

The 7.3 rpms work for me. I don't have a 7.2 box available to test that
one.

The default in 7.3 is to not suid the screen binary, so I think we're
safe from privilege escalation (unless the user does it of their own
volition). But I am a bit concerned with the idea that someone could
hijack my screen session. So, is this a patch we want to push? If so,
we should patch the RH8 rpms as well. RH hasn't yet released a patch
for 9, though it has a vulnerable version.
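
The two checks the post's reasoning rests on, as an added example (this is
not code from the original post, from the screen package or from
fedora-legacy): whether the installed screen binary actually carries a
set-id bit, and whether downloaded SRPMS match a published md5sum
manifest. It assumes GNU stat and md5sum are available, that the manifest
has been reduced to plain "<hash>  <file>" lines (the clearsigned .asc
must be checked with gpg --verify first and the hash lines extracted), and
the owner/group names it reports are whatever stat prints, not a claim
about how Red Hat packaged screen.

```shell
#!/bin/sh
# Added example, not part of the original post or of the screen package.
# Audits a screen binary's set-id bits (the post's privilege-escalation
# argument hinges on screen not being setuid root) and verifies a plain
# md5sum manifest against downloaded SRPMS before they are rebuilt.

# classify_setid MODE OWNER GROUP
# MODE is an octal mode as printed by `stat -c %a` (755, 0755, 4755, ...).
# Prints one of: setuid-root, setuid-<owner>, setgid-<group>, none.
# Returns 0 when any set-id bit is present, 1 otherwise.
classify_setid() {
    mode=$1 owner=$2 group=$3
    # Normalise to four digits so the special-bit digit is always first.
    case ${#mode} in
        1|2|3) mode=$(printf '%04d' "$mode") ;;
    esac
    special=${mode%???}          # leading digit: 4=setuid 2=setgid 1=sticky
    setuid=0 setgid=0
    case $special in 4|5|6|7) setuid=1 ;; esac
    case $special in 2|3|6|7) setgid=1 ;; esac
    if [ "$setuid" = 1 ]; then
        if [ "$owner" = root ]; then echo setuid-root; else echo "setuid-$owner"; fi
        return 0
    elif [ "$setgid" = 1 ]; then
        echo "setgid-$group"
        return 0
    fi
    echo none
    return 1
}

# audit_screen_binary [PATH]
# Runs the classification against an installed binary (default: the screen
# found on PATH) using GNU stat.  Returns 0 if a set-id bit is present,
# 1 if the binary is unprivileged or cannot be examined.
audit_screen_binary() {
    bin=${1:-$(command -v screen 2>/dev/null)}
    if [ -z "$bin" ] || [ ! -f "$bin" ]; then
        echo "screen: binary not found"
        return 1
    fi
    info=$(stat -c '%a %U %G' "$bin" 2>/dev/null) || {
        echo "$bin: stat failed"
        return 1
    }
    set -- $info
    result=$(classify_setid "$1" "$2" "$3")
    echo "$bin: mode $1 owner $2 group $3 -> $result"
    [ "$result" != none ]
}

# verify_md5_manifest MANIFEST DIR
# MANIFEST holds plain "<md5>  <file>" lines (signature already stripped).
# Returns 0 only if every listed file exists in DIR and matches its hash.
verify_md5_manifest() {
    manifest=$1 dir=$2
    [ -f "$manifest" ] || { echo "manifest $manifest missing"; return 1; }
    # Read the manifest before changing directory so a relative path works.
    content=$(cat "$manifest") || return 1
    ( cd "$dir" && printf '%s\n' "$content" | md5sum -c ) >/dev/null 2>&1
}

# Stand-alone use: sh screen-audit.sh --audit [/path/to/screen]
if [ "${1:-}" = "--audit" ]; then
    audit_screen_binary "${2:-}"
fi
```

Verify the detached signature on the manifest with gpg before trusting
it; md5sum alone only proves the download matches what the poster
published, not who published it.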
