[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: misc/screen local root compromise

To: ports_(_at_)_openbsd_(_dot_)_org
Subject: Re: misc/screen local root compromise
From: Han <han_(_at_)_mijncomputer_(_dot_)_nl>
Date: Thu, 6 Sep 2001 04:23:07 +0200
Mail-followup-to: ports_(_at_)_openbsd_(_dot_)_org

David Krause (openbsd_(_at_)_davidkrause_(_dot_)_com) wrote:
> http://www.linuxsecurity.com/advisories/suse_advisory-1594.html

> The screen authors didn't update the ChangeLog for 3.9.10, but
> apparently there is a local root compromise.  Isn't that nice that
> they didn't seem to notify us.  I saw the SuSE vulnerability above
> and it mentioned it.  I haven't seen this on bugtraq yet or from any
> of the other vendors.  The vulnerability only occurs if screen is
> installed setuid root.

http://www.acm.uiuc.edu/workshops/security/setuid.html

Any good reason for screen to be suid?


Cya, Han.

Follow-Ups:
- Re: misc/screen local root compromise
  - From: John Wright

References:
- misc/screen local root compromise
  - From: David Krause

Prev by Date: misc/screen local root compromise
Next by Date: Re: misc/screen local root compromise
Previous by thread: misc/screen local root compromise
Next by thread: Re: misc/screen local root compromise
Index(es):
- Date
- Thread

Visit your host, monkey.org