Ubuntu: screen vulnerability
Posted by Benjamin D. Thomas   
cstone and Rich Felker discovered a programming error in the UTF8 string handling code of "screen" leading to a denial of service. If a crafted string was displayed within a screen session, screen would crash or possibly execute arbitrary code.
=========================================================== 
Ubuntu Security Notice USN-370-1           October 31, 2006
screen vulnerability
CVE-2006-4573
===========================================================

A security issue affects the following Ubuntu releases:

Ubuntu 5.04
Ubuntu 5.10
Ubuntu 6.06 LTS
Ubuntu 6.10

This advisory also applies to the corresponding versions of
Kubuntu, Edubuntu, and Xubuntu.

The problem can be corrected by upgrading your system to the
following package versions:

Ubuntu 5.04:
  screen                                   4.0.2-4.1ubuntu2.5.04

Ubuntu 5.10:
  screen                                   4.0.2-4.1ubuntu2.5.10

Ubuntu 6.06 LTS:
  screen                                   4.0.2-4.1ubuntu5.6.06

Ubuntu 6.10:
  screen                                   4.0.2-4.1ubuntu5.6.10

After a standard system upgrade you need to restart any running screen 
sessions to effect the necessary changes.

Details follow:

cstone and Rich Felker discovered a programming error in the UTF8 string 
handling code of "screen" leading to a denial of service.  If a crafted 
string was displayed within a screen session, screen would crash or 
possibly execute arbitrary code.


Updated packages for Ubuntu 5.04:

  Source archives:

    http://security.ubuntu.com/ubuntu/pool/main/s/screen/screen_4.0.2-4.1ubuntu2.5.04.diff.gz
      Size/MD5:    34158 cba61559263bcc4370232cdadc6e582f
    http://security.ubuntu.com/ubuntu/pool/main/s/screen/screen_4.0.2-4.1ubuntu2.5.04.dsc
      Size/MD5:      648 f6c73c29a88533bec08a0c7a596af8da
    http://security.ubuntu.com/ubuntu/pool/main/s/screen/screen_4.0.2.orig.tar.gz
      Size/MD5:   840519 ed68ea9b43d9fba0972cb017a24940a1

  amd64 architecture (Athlon64, Opteron, EM64T Xeon)

    http://security.ubuntu.com/ubuntu/pool/main/s/screen/screen_4.0.2-4.1ubuntu2.5.04_amd64.deb
      Size/MD5:   600012 b2f316afe7637709a5da52356d0e05ec

  i386 architecture (x86 compatible Intel/AMD)

    http://security.ubuntu.com/ubuntu/pool/main/s/screen/screen_4.0.2-4.1ubuntu2.5.04_i386.deb
      Size/MD5:   577644 d8b407353de17ecda15979be0f42f892

  powerpc architecture (Apple Macintosh G3/G4/G5)

    http://security.ubuntu.com/ubuntu/pool/main/s/screen/screen_4.0.2-4.1ubuntu2.5.04_powerpc.deb
      Size/MD5:   593876 3fa2c203b8aa9f7178d9489bc547845a

Updated packages for Ubuntu 5.10:

  Source archives:

    http://security.ubuntu.com/ubuntu/pool/main/s/screen/screen_4.0.2-4.1ubuntu2.5.10.diff.gz
      Size/MD5:    34163 6070d837711a9eb26aed7f6e253b8976
    http://security.ubuntu.com/ubuntu/pool/main/s/screen/screen_4.0.2-4.1ubuntu2.5.10.dsc
      Size/MD5:      648 b10627fdfffa9eb56c883febe4e1d879
    http://security.ubuntu.com/ubuntu/pool/main/s/screen/screen_4.0.2.orig.tar.gz
      Size/MD5:   840519 ed68ea9b43d9fba0972cb017a24940a1

  amd64 architecture (Athlon64, Opteron, EM64T Xeon)

    http://security.ubuntu.com/ubuntu/pool/main/s/screen/screen_4.0.2-4.1ubuntu2.5.10_amd64.deb
      Size/MD5:   608874 cafd5e3cebd014b2f91ad1abc9be6ea7

  i386 architecture (x86 compatible Intel/AMD)

    http://security.ubuntu.com/ubuntu/pool/main/s/screen/screen_4.0.2-4.1ubuntu2.5.10_i386.deb
      Size/MD5:   580646 a5e927874bef8d3989d728758bf37c4a

  powerpc architecture (Apple Macintosh G3/G4/G5)

    http://security.ubuntu.com/ubuntu/pool/main/s/screen/screen_4.0.2-4.1ubuntu2.5.10_powerpc.deb
      Size/MD5:   598392 8e667231c080709c1900d543cdc6575f

  sparc architecture (Sun SPARC/UltraSPARC)

    http://security.ubuntu.com/ubuntu/pool/main/s/screen/screen_4.0.2-4.1ubuntu2.5.10_sparc.deb
      Size/MD5:   596636 6bb3b98e8575d7c5bedf3c4306c37bd8

Updated packages for Ubuntu 6.06 LTS:

  Source archives:

    http://security.ubuntu.com/ubuntu/pool/main/s/screen/screen_4.0.2-4.1ubuntu5.6.06.diff.gz
      Size/MD5:    54523 ffd98c68cd22cec18f7017b0e26e0003
    http://security.ubuntu.com/ubuntu/pool/main/s/screen/screen_4.0.2-4.1ubuntu5.6.06.dsc
      Size/MD5:      648 cc1098ba02b1f371e2d8afe72a06802c
    http://security.ubuntu.com/ubuntu/pool/main/s/screen/screen_4.0.2.orig.tar.gz
      Size/MD5:   840519 ed68ea9b43d9fba0972cb017a24940a1

  amd64 architecture (Athlon64, Opteron, EM64T Xeon)

    http://security.ubuntu.com/ubuntu/pool/main/s/screen/screen_4.0.2-4.1ubuntu5.6.06_amd64.deb
      Size/MD5:   609606 2ed54b9ddd4626ea693d0c549c1ddefa

  i386 architecture (x86 compatible Intel/AMD)

    http://security.ubuntu.com/ubuntu/pool/main/s/screen/screen_4.0.2-4.1ubuntu5.6.06_i386.deb
      Size/MD5:   580748 38ef03be6459a041f92668b550b3efa7

  powerpc architecture (Apple Macintosh G3/G4/G5)

    http://security.ubuntu.com/ubuntu/pool/main/s/screen/screen_4.0.2-4.1ubuntu5.6.06_powerpc.deb
      Size/MD5:   598866 3213b3cef084f98fa010a719535aa72a

  sparc architecture (Sun SPARC/UltraSPARC)

    http://security.ubuntu.com/ubuntu/pool/main/s/screen/screen_4.0.2-4.1ubuntu5.6.06_sparc.deb
      Size/MD5:   594890 bd551cba69f370ed1ffc2aa3b9eb39ec

Updated packages for Ubuntu 6.10:

  Source archives:

    http://security.ubuntu.com/ubuntu/pool/main/s/screen/screen_4.0.2-4.1ubuntu5.6.10.diff.gz
      Size/MD5:    54524 eebf0a7b77625db94987d03d0171252f
    http://security.ubuntu.com/ubuntu/pool/main/s/screen/screen_4.0.2-4.1ubuntu5.6.10.dsc
      Size/MD5:      648 e4cb0fca076db296eaf91f57b87e32f1
    http://security.ubuntu.com/ubuntu/pool/main/s/screen/screen_4.0.2.orig.tar.gz
      Size/MD5:   840519 ed68ea9b43d9fba0972cb017a24940a1

  amd64 architecture (Athlon64, Opteron, EM64T Xeon)

    http://security.ubuntu.com/ubuntu/pool/main/s/screen/screen_4.0.2-4.1ubuntu5.6.10_amd64.deb
      Size/MD5:   606076 d302fc97f5890de4a22ef77580f04c00

  i386 architecture (x86 compatible Intel/AMD)

    http://security.ubuntu.com/ubuntu/pool/main/s/screen/screen_4.0.2-4.1ubuntu5.6.10_i386.deb
      Size/MD5:   584358 f01e1a4282ac189db902c252f92d6a7f

  powerpc architecture (Apple Macintosh G3/G4/G5)

    http://security.ubuntu.com/ubuntu/pool/main/s/screen/screen_4.0.2-4.1ubuntu5.6.10_powerpc.deb
      Size/MD5:   599994 ac26d1da763cdad66e9fa8b1846968e6

  sparc architecture (Sun SPARC/UltraSPARC)

    http://security.ubuntu.com/ubuntu/pool/main/s/screen/screen_4.0.2-4.1ubuntu5.6.10_sparc.deb
      Size/MD5:   597784 76c7fd9e1ed7b229fb5de57f60394db1


 