• News
• Infocus
• Foundations
• Microsoft
• Unix
• IDS
• Incidents
• Virus
• Pen-Test
• Firewalls
• Columnists
• Mailing Lists
• Newsletters
• Bugtraq
• Focus on IDS
• Focus on Linux
• Focus on Microsoft
• Forensics
• Pen-test
• Security Basics
• Vuln Dev
• Vulnerabilities
• Jobs
• Job Opportunities
• Resumes
• Job Seekers
• Employers
• Tools
• RSS
• News
• Vulns
• Security Research

• info
• discussion
• exploit
• solution
• references

GNU Screen Escape Sequence Integer Overflow Array Indexing Vulnerability

Solution:
SCO have released an advisory (CSSA-2004-011.0) and fixes to address this issue in OpenLinux 3.1.1 Server and Workstation. Please see referenced advisory for additional details regarding obtaining and applying appropriate fixes. Fixes are linked below.

OpenPKG has released a security advisory OpenPKG-SA-2003.050 to address this issue. Please see the referenced advisory for detailed information about obtaining fixes.

Mandrake has released an advisory and fixes to address this issue.

Debian has released security advisory DSA 408-1 to address this issue.

Conectiva has released security advisory CLSA-2004:805 to address this issue in CLEE 1.0. Conectiva also released advisory CLA-2004:809 for Conectiva Linux 8 and 9.


GNU screen 3.9.10

• Conectiva screen-3.9.10-2U80_1cl.i386.rpm
  ftp://atualizacoes.conectiva.com.br/8/RPMS/screen-3.9.10-2U80_1cl.i386 .rpm


• SCO screen-3.9.10-2.i386.rpm
  OpenLinux 3.1.1 Server
  ftp://ftp.sco.com/pub/updates/OpenLinux/3.1.1/Server/CSSA-2004-011.0/R PMS/screen-3.9.10-2.i386.rpm


• SCO screen-3.9.10-2.i386.rpm
  OpenLinux 3.1.1 Workstation
  ftp://ftp.sco.com/pub/updates/OpenLinux/3.1.1/Workstation/CSSA-2004-01 1.0/RPMS/screen-3.9.10-2.i386.rpm

GNU screen 3.9.11

• Debian screen_3.9.11-5woody1_alpha.deb
  Debian GNU/Linux 3.0 (woody)
  http://security.debian.org/pool/updates/main/s/screen/screen_3.9.11-5w oody1_alpha.deb


• Debian screen_3.9.11-5woody1_arm.deb
  Debian GNU/Linux 3.0 (woody)
  http://security.debian.org/pool/updates/main/s/screen/screen_3.9.11-5w oody1_arm.deb


• Debian screen_3.9.11-5woody1_hppa.deb
  Debian GNU/Linux 3.0 (woody)
  http://security.debian.org/pool/updates/main/s/screen/screen_3.9.11-5w oody1_hppa.deb


• Debian screen_3.9.11-5woody1_i386.deb
  Debian GNU/Linux 3.0 (woody)
  http://security.debian.org/pool/updates/main/s/screen/screen_3.9.11-5w oody1_i386.deb


• Debian screen_3.9.11-5woody1_ia64.deb
  Debian GNU/Linux 3.0 (woody)
  http://security.debian.org/pool/updates/main/s/screen/screen_3.9.11-5w oody1_ia64.deb


• Debian screen_3.9.11-5woody1_m68k.deb
  Debian GNU/Linux 3.0 (woody)
  http://security.debian.org/pool/updates/main/s/screen/screen_3.9.11-5w oody1_m68k.deb


• Debian screen_3.9.11-5woody1_mips.deb
  Debian GNU/Linux 3.0 (woody)
  http://security.debian.org/pool/updates/main/s/screen/screen_3.9.11-5w oody1_mips.deb


• Debian screen_3.9.11-5woody1_mipsel.deb
  Debian GNU/Linux 3.0 (woody)
  http://security.debian.org/pool/updates/main/s/screen/screen_3.9.11-5w oody1_mipsel.deb


• Debian screen_3.9.11-5woody1_powerpc.deb
  Debian GNU/Linux 3.0 (woody)
  http://security.debian.org/pool/updates/main/s/screen/screen_3.9.11-5w oody1_powerpc.deb


• Debian screen_3.9.11-5woody1_s390.deb
  Debian GNU/Linux 3.0 (woody)
  http://security.debian.org/pool/updates/main/s/screen/screen_3.9.11-5w oody1_s390.deb


• Debian screen_3.9.11-5woody1_sparc.deb
  Debian GNU/Linux 3.0 (woody)
  http://security.debian.org/pool/updates/main/s/screen/screen_3.9.11-5w oody1_sparc.deb


• Mandrake screen-3.9.11-4.1.90mdk.i586.rpm
  Mandrake Linux 9.0.
  http://www.mandrakesecure.net/en/ftp.php


• Mandrake screen-3.9.11-4.1.C21mdk.i586.rpm
  Mandrake Corporate Server 2.1.
  http://www.mandrakesecure.net/en/ftp.php


• Mandrake screen-3.9.11-4.1.C21mdk.x86_64.rpm
  Mandrake Corporate Server 2.1/x86_64.
  http://www.mandrakesecure.net/en/ftp.php


• Mandrake screen-3.9.11-4.1.M82mdk.i586.rpm
  Mandrake Multi Network Firewall 8.2.
  http://www.mandrakesecure.net/en/ftp.php

GNU screen 3.9.13

• Conectiva screen-3.9.13-147.i586.rpm
  ftp://ul.conectiva.com.br/updates/1.0/RPMS.core/screen-3.9.13-147.i586 .rpm


• Conectiva screen-3.9.13-24126U90_1cl.i386.rpm
  ftp://atualizacoes.conectiva.com.br/9/RPMS/screen-3.9.13-24126U90_1cl. i386.rpm


• Mandrake screen-3.9.13-2.1.91mdk.i586.rpm
  Mandrake Linux 9.1.
  http://www.mandrakesecure.net/en/ftp.php


• Mandrake screen-3.9.13-2.1.91mdk.ppc.rpm
  Mandrake Linux 9.1/PPC.
  http://www.mandrakesecure.net/en/ftp.php

GNU screen 3.9.15

• Mandrake screen-3.9.15-2.1.92mdk.i586.rpm
  Mandrake Linux 9.2.
  http://www.mandrakesecure.net/en/ftp.php