LWN.net Logo

Not logged in

Log in now

Create an account

Subscribe to LWN

Recent Features

LWN.net Weekly Edition for May 16, 2013

A look at the PyPy 2.0 release

PostgreSQL 9.3 beta: Federated databases and more

LWN.net Weekly Edition for May 9, 2013

(Nearly) full tickless operation in 3.10

Printable page
Weekly edition Kernel Security Distributions Contact Us Search
Archives Calendar Subscribe Write for LWN LWN.net FAQ Sponsors

rPath alert rPSA-2006-0198-1 (screen)



From:
    	      rPath Update Announcements <announce-noreply@rpath.com>


To:
    	      security-announce@lists.rpath.com, update-announce@lists.rpath.com


Subject:
    	      rPSA-2006-0198-1 screen


Date:
    	      Thu, 26 Oct 2006 03:28:11 -0400


Cc:
    	      full-disclosure@lists.grok.org.uk, bugtraq@securityfocus.com, lwn@lwn.net


rPath Security Advisory: 2006-0198-1
Published: 2006-10-26
Products: rPath Linux 1
Rating: Minor
Exposure Level Classification:
    Indirect User Deterministic Unauthorized Access
Updated Versions:
    screen=/conary.rpath.com@rpl:devel//1/4.0.3-0.1-1

References:
    http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-200...
    https://issues.rpath.com/browse/RPL-734

Description:
    In previous versions of the screen package, the screen program had
    a bug which is known to make screen vulnerable to a minor denial of
    service attack in which the screen program would crash if presented
    with particular output.  It is possible that this attack could also
    allow a user-complicit attacker to assume the privileges of the
    complicit user.  The screen program is not setuid in rPath Linux,
    so any attack is limited to the complicit user.
(Log in to post comments)

Copyright © 2013, Eklektix, Inc.
Comments and public postings are copyrighted by their creators.
Linux is a registered trademark of Linus Torvalds