Re: screen buffer overflow
- From: "Christian Pearce" <pearcec commnav com>
- To: fedora-legacy-list redhat com
- Subject: Re: screen buffer overflow
- Date: Wed, 7 Jan 2004 13:50:00 GMT
I compiled it for 7.2. It seems to work fine. I updated the bug.
https://bugzilla.fedora.us/show_bug.cgi?id=1187
I am not certain if we should choose to release this as a security fix. Certainly if RedHat does for 9 we should. If other distributions do we should as well. Since we did the work at this point we should.
--
Christian Pearce
http://www.commnav.com
rohwedde codegrinder com (Jason) said:
>
>
> Currently entered into the bugzilla at:
> https://bugzilla.fedora.us/show_bug.cgi?id=1187
>
> I'm curious whether the community thinks this is a necessary patch?
> Thanks.
>
> -jason
>
> ---------------------------------------------------------------------
>
> Patched SRPMS for screen buffer overflow
>
> Details at:
> http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2003-0972
> http://marc.theaimsgroup.com/?l=bugtraq&m=106995837813873&w=2
>
> RH 7.3 https://mail.codegrinder.com/www/screen-3.9.11-4.legacy.src.rpm
> RH 7.2 https://mail.codegrinder.com/www/screen-3.9.9-4.legacy.src.rpm
> MD5SUM https://mail.codegrinder.com/www/screen-md5sums.asc
>
> The 7.3 rpms work for me.. I don't have a 7.2 box available to test that
> one.
>
> The default in 7.3 is to not suid the screen binary, so I think we're
> safe from privilege escalation (unless the user does it of their own
> volition). But, I am a bit concerned with the idea that someone could
> hijack my screen session. So, is this a patch we want to push? If so,
> we should patch the RH8 rpms as well. RH hasn't yet released a patch
> for 9, though it has a vulnerable version.
>
>