Date: Wed, 6 Sep 2000 19:38:20 +0200
From: Roman Drahtmueller draht@suse.de
To: BUGTRAQ@SECURITYFOCUS.COM
Subject: SuSE Security Announcement: screen
SuSE Security Announcement
Package: screen
Date: Wednesday, September 6th, 2000 19:35 MEST
Affected SuSE versions: 5.3, 6.0, 6.1, 6.2, 6.3, 6.4, 7.0
Vulnerability Type: local root compromise
Severity (1-10): 8
SuSE default package: yes
Other affected systems: all linux systems with the screen program
installed suid root
Content of this advisory:
1) security vulnerability resolved: screen
problem description, discussion, solution and upgrade information
2) pending vulnerabilities, temporary workarounds
3) standard appendix (further information)
1) problem description, brief discussion, solution, upgrade
information screen, a tty multiplexer, is installed suid root by
default on SuSE Linux distributions. By supplying a thoughtfully
designed string as the visual bell message, local users can obtain
root privilege. Exploit information has been published on security
forums.
The temporary workaround for this problem would be to remove the
suid bit from /usr/bin/screen*. This also requires mode changes in
the /tmp/screens directory where the pipes for communication
between the client and server part of screen are placed upon start
of screen.
SuSE provides an update for the vulnerable screen package. It is
strongly recommended to upgrade to the latest version found on our
ftp server as described below. The update packages remove all
currently known security problems in the glibc package.
Download the update package from locations desribed below and
install the package with the command `rpm -Fhv file.rpm'. The
md5sum for each file is in the line below. You can verify the
integrity of the rpm files using the command
`rpm --checksig --nogpg file.rpm',
independently from the md5 signatures below.
2) Pending vulnerabilities in SuSE Distributions and
Workarounds:
This section addresses currently known vulnerabilities in
Linux/Unix systems that have not been resolved yet as of the
release date of this advisory.
- zope
SuSE distributions before 7.0 do not contain zope as a package.
An updated package for the freshly released SuSE-7.0 is on the
way.
- xchat
A fix for the URL handler vulnerabilty is in progress and will
be released within a few days. There is currently no effective and
easy workaround other than removing the package by hand (`rpm -e
xchat'). More information on xchat can be found in xchat's
documentation directory /usr/doc/packages/xchat or
/usr/share/doc/packages/xchat for SuSE-7.0.
3) standard appendix:
SuSE runs two security mailing lists to which any interested
party may subscribe: