Date: Tue, 12 Sep 2000 06:53:14 +0400 From: "Andrey A. Chernov" <ache@nagual.pp.ru> To: Mike Silbersack <silby@silby.com> Cc: Kris Kennaway <kris@FreeBSD.ORG>, Szilveszter Adam <sziszi@petra.hos.u-szeged.hu>, freebsd-security@FreeBSD.ORG Subject: Re: [paul@STARZETZ.DE: Breaking screen on BSD] Message-ID: <20000912065314.A43158@nagual.pp.ru> In-Reply-To: <Pine.BSF.4.21.0009112127170.85133-100000@achilles.silby.com>; from silby@silby.com on Mon, Sep 11, 2000 at 09:28:56PM -0500 References: <20000912061357.A42654@nagual.pp.ru> <Pine.BSF.4.21.0009112127170.85133-100000@achilles.silby.com>
next in thread | previous in thread | raw e-mail | index | archive | help
On Mon, Sep 11, 2000 at 09:28:56PM -0500, Mike Silbersack wrote: > > No, it is a new exploit based on execve behaviour and not related > > especially to screen, other programs can be affected too. We definitely > > need to fix execve. > > If it's new, why does it rely on corrupting VBELL as the previous screen > exploit did? Can this execve behavior be exploiting in a program which > wasn't broken by a buffer overflow or a format string bug? Screen 3.9.8 is not vulnerable to this. By "new" I mean part of it related to execve behaviour which is generally dangerous, not whole exploit at once. -- Andrey A. Chernov <ache@nagual.pp.ru> http://ache.pp.ru/ To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20000912065314.A43158>