Bug#395999: Remote DoS and possible code execution in screen <= 4.0.2

Sun, 29 Oct 2006 03:24:53 -0800 

Package: screen
Version: 4.0.2-4.1
Severity: critical
Tags: security
Justification: breaks unrelated software


The following proof-of-concept exploit (by dalias @ #screen on
freenode.net, realname not known, probably (hopefully) he's one of the
guys credited in the upstream security announcement) will crash a
screen session with utf8 enabled. (:utf8 on, :defutf8 on)

#include <locale.h>
#include <wchar.h>
#include <stdio.h>
int main() {
 setlocale(LC_CTYPE, "");
 wchar_t i, j, k; for (i=' '; i<0x7f; i++) for (j=0x300; j<0x370; j++) 
for(k=0x300; k<0x370; k++) printf("%lc%lc%lc", i, j, k); }

A workaround is to disable utf8. ("defutf8 off" in screenrc)

Upstream security announcement is at 
http://lists.gnu.org/archive/html/screen-users/2006-10/msg00028.html

The whole screen session with all programs running in it will get lost
(hence: "breaks unrelated software") and this can be triggered by any
software sending utf-8 characters to the terminal (such as a console
mail or news reader or irc client).

This is a *possible* remote code execution, because in the debugger
some registers are reportedly overwritten.

Kind regards
     Friedel
-- System Information:
Debian Release: testing/unstable
  APT prefers unstable
  APT policy: (990, 'unstable'), (500, 'testing'), (500, 'stable'), (1, 
'experimental')
Architecture: i386 (i686)
Shell:  /bin/sh linked to /bin/bash
Kernel: Linux 2.6.18-1-k7
Locale: LANG=de_DE.utf8, LC_CTYPE=de_DE.utf8 (charmap=UTF-8) (ignored: LC_ALL 
set to de_DE.utf8)

Versions of packages screen depends on:
ii  base-passwd                 3.5.11       Debian base system master password
ii  debconf                     1.5.7        Debian configuration management sy
ii  libc6                       2.3.6.ds1-7  GNU C Library: Shared libraries
ii  libncursesw5                5.5-5        Shared libraries for terminal hand
ii  libpam0g                    0.79-4       Pluggable Authentication Modules l
ii  passwd                      1:4.0.18.1-5 change and administer password and

screen recommends no packages.

-- debconf information:
  screen/old_upgrade_prompt: false


-- 
To UNSUBSCRIBE, email to [EMAIL PROTECTED]
with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]

Reply via email to