From owner-freebsd-security  Mon Sep 11 19:53:23 2000
Delivered-To: freebsd-security@freebsd.org
Received: from nagual.pp.ru (pobrecita.freebsd.ru [194.87.13.42])
	by hub.freebsd.org (Postfix) with ESMTP
	id 2943037B42C; Mon, 11 Sep 2000 19:53:20 -0700 (PDT)
Received: (from ache@localhost)
	by nagual.pp.ru (8.11.0/8.11.0) id e8C2rE943198;
	Tue, 12 Sep 2000 06:53:14 +0400 (MSD)
	(envelope-from ache)
Date: Tue, 12 Sep 2000 06:53:14 +0400
From: "Andrey A. Chernov" <ache@nagual.pp.ru>
To: Mike Silbersack <silby@silby.com>
Cc: Kris Kennaway <kris@FreeBSD.ORG>,
	Szilveszter Adam <sziszi@petra.hos.u-szeged.hu>,
	freebsd-security@FreeBSD.ORG
Subject: Re: [paul@STARZETZ.DE: Breaking screen on BSD]
Message-ID: <20000912065314.A43158@nagual.pp.ru>
References: <20000912061357.A42654@nagual.pp.ru> <Pine.BSF.4.21.0009112127170.85133-100000@achilles.silby.com>
Mime-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
User-Agent: Mutt/1.2.5i
In-Reply-To: <Pine.BSF.4.21.0009112127170.85133-100000@achilles.silby.com>; from silby@silby.com on Mon, Sep 11, 2000 at 09:28:56PM -0500
Organization: Biomechanoid
Sender: owner-freebsd-security@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.org

On Mon, Sep 11, 2000 at 09:28:56PM -0500, Mike Silbersack wrote:
> > No, it is a new exploit based on execve behaviour and not related
> > especially to screen, other programs can be affected too. We definitely
> > need to fix execve.
> 
> If it's new, why does it rely on corrupting VBELL as the previous screen
> exploit did?  Can this execve behavior be exploiting in a program which
> wasn't broken by a buffer overflow or a format string bug?

Screen 3.9.8 is not vulnerable to this. By "new" I mean part of it related
to execve behaviour which is generally dangerous, not whole exploit at
once.

-- 
Andrey A. Chernov
<ache@nagual.pp.ru>
http://ache.pp.ru/


To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-security" in the body of the message