From owner-freebsd-security  Mon Sep 11 19:14: 3 2000
Delivered-To: freebsd-security@freebsd.org
Received: from nagual.pp.ru (pobrecita.freebsd.ru [194.87.13.42])
	by hub.freebsd.org (Postfix) with ESMTP
	id 9225737B422; Mon, 11 Sep 2000 19:13:59 -0700 (PDT)
Received: (from ache@localhost)
	by nagual.pp.ru (8.11.0/8.11.0) id e8C2Dwd42717;
	Tue, 12 Sep 2000 06:13:58 +0400 (MSD)
	(envelope-from ache)
Date: Tue, 12 Sep 2000 06:13:57 +0400
From: "Andrey A. Chernov" <ache@nagual.pp.ru>
To: Kris Kennaway <kris@FreeBSD.ORG>
Cc: Szilveszter Adam <sziszi@petra.hos.u-szeged.hu>,
	freebsd-security@FreeBSD.ORG
Subject: Re: [paul@STARZETZ.DE: Breaking screen on BSD]
Message-ID: <20000912061357.A42654@nagual.pp.ru>
References: <20000911224221.A14920@petra.hos.u-szeged.hu> <Pine.BSF.4.21.0009111756120.93244-100000@freefall.freebsd.org>
Mime-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
User-Agent: Mutt/1.2.5i
In-Reply-To: <Pine.BSF.4.21.0009111756120.93244-100000@freefall.freebsd.org>; from kris@FreeBSD.ORG on Mon, Sep 11, 2000 at 05:57:07PM -0700
Organization: Biomechanoid
Sender: owner-freebsd-security@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.org

On Mon, Sep 11, 2000 at 05:57:07PM -0700, Kris Kennaway wrote:
> I thought it was a technique for exploiting the known (and fixed)
> vulnerability in the previous version of the screen port, not a new attack
> in itself.

No, it is a new exploit based on execve behaviour and not related
especially to screen, other programs can be affected too. We definitely
need to fix execve.

-- 
Andrey A. Chernov
<ache@nagual.pp.ru>
http://ache.pp.ru/


To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-security" in the body of the message