Mandriva Advisories

Package name: screen
Date: December 8th, 2003
Advisory ID: MDKSA-2003:113
Affected versions: 9.0, 9.1, 9.2, MNF8.2, CS2.1
Synopsis: Updated screen packages fix buffer overflow vulnerability

Problem Description

Timo Sirainen discovered an exploitable buffer overflow in screen
that allowed privilege escalation; it has been fixed. This
vulnerability also has the potential to allow attackers to gain
control of another user's screen session. Exploitation is not
trivial and requires approximately 2GB of data to be transferred.

Updated packages are available that fix the vulnerability.

Updated Packages

Mandrakelinux 9.0

2ed29228596116d87146cb2f1eb75ad3  9.0/RPMS/screen-3.9.11-4.1.90mdk.i586.rpm
db59e945ca7dabc7d81df3388566feb9  9.0/SRPMS/screen-3.9.11-4.1.90mdk.src.rpm

Mandrakelinux 9.1

4d1ce0bb5f0b8335b9f3da4520280fdb  9.1/RPMS/screen-3.9.13-2.1.91mdk.i586.rpm
025da8fcc964f065afb0c51d2716d472  9.1/SRPMS/screen-3.9.13-2.1.91mdk.src.rpm

Mandrakelinux 9.1/PPC

b8570b8b63461c8f444dcdbe2c4f6e99  ppc/9.1/RPMS/screen-3.9.13-2.1.91mdk.ppc.rpm
025da8fcc964f065afb0c51d2716d472  ppc/9.1/SRPMS/screen-3.9.13-2.1.91mdk.src.rpm

Mandrakelinux 9.2

656ca2f3bf4796052972997c214d7909  9.2/RPMS/screen-3.9.15-2.1.92mdk.i586.rpm
4d078d5d3b28c417a51e3a8bfe622f45  9.2/SRPMS/screen-3.9.15-2.1.92mdk.src.rpm

Mandrakelinux 9.2/AMD64

8c78f40deae7be8ccee172361fb71176  amd64/9.2/RPMS/screen-3.9.15-2.1.92mdk.amd64.rpm
4d078d5d3b28c417a51e3a8bfe622f45  amd64/9.2/SRPMS/screen-3.9.15-2.1.92mdk.src.rpm

Multi Network Firewall 8.2

c4b0b5a690692dac14eaeb8590fe2d8f  mnf8.2/RPMS/screen-3.9.11-4.1.M82mdk.i586.rpm
9a363746316958e58a843f4d838b0cf0  mnf8.2/SRPMS/screen-3.9.11-4.1.M82mdk.src.rpm

Corporate Server 2.1

757d420f6d823e26a487eff794490bbe  corporate/2.1/RPMS/screen-3.9.11-4.1.C21mdk.i586.rpm
54336329e042b03ebca3c00ca0a1f0c3  corporate/2.1/SRPMS/screen-3.9.11-4.1.C21mdk.src.rpm

Corporate Server 2.1/X86_64

bf60dabe82228d7f879c1fa232df2e20  x86_64/corporate/2.1/RPMS/screen-3.9.11-4.1.C21mdk.x86_64.rpm
54336329e042b03ebca3c00ca0a1f0c3  x86_64/corporate/2.1/SRPMS/screen-3.9.11-4.1.C21mdk.src.rpm

References

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2003-0972
http://marc.theaimsgroup.com/?l=bugtraq&m=106995837813873&w=2

Upgrade

To upgrade automatically, use MandrivaUpdate.


Verification

Please verify the update prior to upgrading to ensure the integrity of the downloaded package. You can do this with the command:

    rpm --checksig package.rpm

You can get the GPG public key of the Mandriva Security Team to verify the GPG signature of each RPM.

If you use MandrivaUpdate, the MD5 checksum and GPG signature are verified automatically for you.
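
For manual downloads, the two checks described above can be scripted. This is an added example, not part of the original advisory: it reads the checksum lines from the Updated Packages list, compares each against the downloaded file, and then runs rpm --checksig. The function name and the RPM_CHECKSIG variable are assumptions made for illustration.

```shell
#!/bin/sh
# Added example (not from the advisory): check downloaded RPMs against the
# "<md5>  <path>.rpm" lines of the Updated Packages list, then run the
# advisory's signature check on each file whose checksum matches.
#
# verify_advisory_rpms MANIFEST DIR
#   MANIFEST  text file holding the advisory's package list (headings allowed)
#   DIR       directory with the downloaded .rpm files, matched by file name
# RPM_CHECKSIG is a hypothetical override for the signature command; it
# defaults to the advisory's "rpm --checksig".
# Returns 0 if every listed package found in DIR passes, 1 on any failure,
# 2 if none of the listed packages is present in DIR.
verify_advisory_rpms() {
    manifest=$1 dir=$2 checked=0 failed=0
    checksig=${RPM_CHECKSIG:-rpm --checksig}
    while read -r want path; do
        # Keep only lines shaped like "<32 lowercase hex digits> <name>.rpm".
        case $want in ""|*[!0-9a-f]*) continue ;; esac
        [ "${#want}" -eq 32 ] || continue
        case $path in *.rpm) ;; *) continue ;; esac
        file=$dir/${path##*/}
        [ -f "$file" ] || continue    # entry for another release or arch
        checked=$((checked + 1))
        got=$(md5sum < "$file" | cut -d' ' -f1)
        if [ "$got" != "$want" ]; then
            echo "MD5 MISMATCH   $file" >&2
            failed=$((failed + 1))
        # Fail closed: a missing rpm binary or missing key counts as failure.
        elif ! $checksig "$file" >/dev/null 2>&1; then
            echo "SIGNATURE FAIL $file" >&2
            failed=$((failed + 1))
        else
            echo "OK             $file"
        fi
    done < "$manifest"
    [ "$checked" -gt 0 ] || return 2
    [ "$failed" -eq 0 ]
}
```

The checksum comparison catches a corrupted or substituted download; the signature check is what ties the package to the vendor's GPG key, so that key must be imported before running the script.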