BugTraq
GNU screen buffer overflow Nov 27 2003 01:29AM
Timo Sirainen (tss iki fi) (1 replies)
Re: GNU screen buffer overflow Dec 01 2003 11:41AM
Mariusz Woloszyn (emsi ipartners pl) (1 replies)
Re: GNU screen buffer overflow Dec 01 2003 09:48PM
Kyle Sallee (cromwell metalab unc edu) (1 replies)
On Mon, 1 Dec 2003, Mariusz Woloszyn wrote:

> On Thu, 27 Nov 2003, Timo Sirainen wrote:
>
> > Buffer overflow in GNU screen allows privilege escalation for local users.
> > Usually screen is installed either setgid-utmp or setuid-root.
> >
> With devpts and libutempter it is possible to install fully functional
> screen without suid/sgid.

Does that mean any program that links with libutempter gains
complete suid/sgid root functionality, or only when executing
the functions in the libutempter library, please?

[ reply ]
Re: GNU screen buffer overflow Dec 03 2003 07:36PM
Pavel Kankovsky (peak argo troja mff cuni cz) (1 replies)
Re: GNU screen buffer overflow Dec 03 2003 09:17PM
Casper Dik (casper holland sun com)


 

Privacy Statement
Copyright 2010, SecurityFocus