Gentoo Forums
Gentoo Forums
Gentoo Forums
Quick Search: in
[ GLSA 200611-01 ] Screen: UTF-8 character handling vulnerability
View unanswered posts
View posts from last 24 hours

 
Reply to topic    Gentoo Forums Forum Index News & Announcements
View previous topic :: View next topic  
Author Message
GLSA
Veteran
Veteran


Joined: 12 May 2004
Posts: 1471

PostPosted: Fri Nov 03, 2006 2:26 pm    Post subject: [ GLSA 200611-01 ] Screen: UTF-8 character handling vulnerab Reply with quote

Gentoo Linux Security Advisory

Title: Screen: UTF-8 character handling vulnerability (GLSA 200611-01)
Severity: high
Exploitable: remote
Date: November 03, 2006
Bug(s): #152770
ID: 200611-01

Synopsis

Screen contains an error in its UTF-8 character handling code that would allow a remote Denial of Service or possibly the remote execution of arbitrary code.

Background

Screen is a full-screen window manager that multiplexes a physical terminal between several processes, typically interactive shells.

Affected Packages

Package: app-misc/screen
Vulnerable: < 4.0.3
Unaffected: >= 4.0.3
Architectures: All supported architectures


Description

cstone and Richard Felker discovered a flaw in Screen's UTF-8 combining character handling.

Impact

The vulnerability can be exploited by writing a special string of characters to a Screen window. A remote attacker could cause a Denial of Service or possibly execute arbitrary code with the privileges of the user running Screen through a program being run inside a Screen session, such as an IRC client or a mail client.

Workaround

There is no known workaround at this time.

Resolution

All Screen users should upgrade to the latest version:
Code:
# emerge --sync
# emerge --ask --oneshot --verbose ">=app-misc/screen-4.0.3"


References

CVE-2006-4573
Back to top
View user's profile Send private message
Display posts from previous:   
Reply to topic    Gentoo Forums Forum Index News & Announcements All times are GMT
Page 1 of 1

 
Jump to:  
You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot vote in polls in this forum