Date: Thu, 26 Oct 2006 03:28:11 -0400
From: rPath Update Announcements <announce-noreply@...th.com>
To: security-announce@...ts.rpath.com, update-announce@...ts.rpath.com
Cc: full-disclosure@...ts.grok.org.uk, bugtraq@...urityfocus.com, lwn@....net
Subject: rPSA-2006-0198-1 screen

rPath Security Advisory: 2006-0198-1
Published: 2006-10-26
Products: rPath Linux 1
Rating: Minor
Exposure Level Classification:
    Indirect User Deterministic Unauthorized Access
Updated Versions:
    screen=/conary.rpath.com@rpl:devel//1/4.0.3-0.1-1

References:
    http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-4573
    https://issues.rpath.com/browse/RPL-734

Description:
    In previous versions of the screen package, the screen program had
    a bug which is known to make screen vulnerable to a minor denial
    of service attack in which the screen program would crash if
    presented with particular output. It is possible that this attack
    could also allow a user-complicit attacker to assume the privileges
    of the complicit user. The screen program is not setuid in rPath
    Linux, so any attack is limited to the complicit user.