Bugtraq mailing list archives
Re: security vulnerabilities in screen
From: ubellrj () LEXIS-NEXIS COM (Richard Bellingar)
Date: Wed, 1 Nov 1995 16:14:16 -0500
Stephen,

The only screen related security issues I have seen discussions on centered around the "glare" potential; i.e., someone stealing an active screen session or "recovering" a disconnected screen session, rather than problems or exposures relating to the SUID nature of the tool.

If you hear something about SUID-exposures, please pass it along (I use screen _a lot_ when I can't get an X session...)

Thanks.

rick.bellingar () lexis-nexis com
----+----
Rick Bellingar, Staff Security Analyst, (513) 865-7005
LEXIS-NEXIS, 9443 Springboro Pike, Miamisburg, Ohio 45342 (USA)
-*- Press on...persistence and determination alone are omnipotent -*-

On Mon, 30 Oct 1995, Stephen E. Hansen wrote:
Someone just sent me a note asking if I was aware of any security vulnerabilities in the program "screen" (it uses ptty's for multiple sessions and session reconnects). He was concerned because it claims to need to be suid root to function properly.

I have a fuzzy memory of there being a security problem report about screen, but it was two or three years ago and I can't find it in my e-mail archive. Can anyone out there verify that a problem exists or that a patched version is available?

Thanks,
Stephen Hansen

--
=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=
Stephen E. Hansen - Computer Security Officer - security () Stanford EDU
Room 319, Sweet Hall
Stanford University, Stanford, CA 94305-3090
Phone: +1-415-723-2911
WWW: http://www.stanford.edu/~security
Fax: +1-415-725-1548
PGP: finger security-pgp () netserver Stanford EDU

The church is near, but the road is icy.
The bar is far away, but I will walk carefully.
-- Russian Proverb
Current thread:
- security vulnerabilities in screen Stephen E. Hansen (Oct 30)
- Re: security vulnerabilities in screen Richard Bellingar (Nov 01)