---

SuSE Security Announcement: screen

Date: Wed, 6 Sep 2000 19:38:20 +0200
From: Roman Drahtmueller [email protected]
To: [email protected]
Subject: SuSE Security Announcement: screen


                        SuSE Security Announcement

        Package:                screen
        Date:                   Wednesday, September 6th, 2000 19:35 MEST
        Affected SuSE versions: 5.3, 6.0, 6.1, 6.2, 6.3, 6.4, 7.0
        Vulnerability Type:     local root compromise
        Severity (1-10):        8
        SuSE default package:   yes
        Other affected systems: all linux systems with the screen program
                                installed suid root

    Content of this advisory:
        1) security vulnerability resolved: screen
           problem description, discussion, solution and upgrade information
        2) pending vulnerabilities, temporary workarounds
        3) standard appendix (further information)

1) problem description, brief discussion, solution, upgrade information

screen, a tty multiplexer, is installed suid root by
default on SuSE Linux distributions. By supplying a thoughtfully
designed string as the visual bell message, local users can obtain
root privilege. Exploit information has been published on security
forums.

The temporary workaround for this problem would be to remove the
suid bit from /usr/bin/screen*. This also requires mode changes in
the /tmp/screens directory where the pipes for communication
between the client and server part of screen are placed upon start
of screen.
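
The workaround above as a small audit-and-fix script (an added example, not part of the SuSE advisory). The function names are hypothetical; the advisory does not say which mode /tmp/screens needs, so the script only reports the directory's current mode and owner.

```shell
#!/bin/sh
# Added example: find screen binaries that still carry the setuid bit,
# remove the bit, and report the state of the socket directory.

# list_suid_screen [BINDIR]
#   Print every regular file BINDIR/screen* that has the setuid bit set.
list_suid_screen() {
    for f in "${1:-/usr/bin}"/screen*; do
        # /usr/bin/screen is often a symlink to the versioned binary;
        # skip links so each real file is reported once.
        [ -L "$f" ] && continue
        [ -f "$f" ] && [ -u "$f" ] && printf '%s\n' "$f"
    done
    return 0
}

# strip_suid_screen [BINDIR]
#   Remove the setuid bit from every file found above.
#   Succeeds only if no setuid screen binary is left afterwards.
strip_suid_screen() {
    list_suid_screen "$1" | while IFS= read -r f; do
        chmod u-s "$f" && echo "setuid removed: $f"
    done
    [ -z "$(list_suid_screen "$1")" ]
}

# socket_dir_report [DIR]
#   Print the permission string and owner:group of the socket directory
#   so the admin can decide which mode change the local build needs.
socket_dir_report() {
    d=${1:-/tmp/screens}
    [ -d "$d" ] || { echo "$d: not present"; return 0; }
    ls -ld "$d" | awk '{ print substr($1, 1, 10), $3 ":" $4 }'
}
```

Run `strip_suid_screen` as root on the live system, then check `socket_dir_report` before users start new sessions.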

SuSE provides an update for the vulnerable screen package. It is
strongly recommended to upgrade to the latest version found on our
ftp server as described below. The update packages remove all
currently known security problems in the glibc package.

Download the update package from locations described below and
install the package with the command `rpm -Fhv file.rpm'. The
md5sum for each file is in the line below. You can verify the
integrity of the rpm files using the command
`rpm --checksig --nogpg file.rpm',
independently from the md5 signatures below.

i386 Intel Platform:

SuSE-7.0

ftp://ftp.suse.com/pub/suse/i386/update/7.0/ap1/screen-3.9.8-1.i386.rpm

84b6330f0b9ac7600cc5ec53a9dfdbe9
source rpm:

ftp://ftp.suse.com/pub/suse/i386/update/7.0/zq1/screen-3.9.8-1.src.rpm

883d80abf603a4eab2238a4e857301e2

SuSE-6.4

ftp://ftp.suse.com/pub/suse/i386/update/6.4/ap1/screen-3.9.8-0.i386.rpm

52f451ce0c8c49e02311dd16961aa028
source rpm:

ftp://ftp.suse.com/pub/suse/i386/update/6.4/zq1/screen-3.9.8-0.src.rpm

a3cb0fb2c90664c6deb986fcbf4e74fd

SuSE-6.3

ftp://ftp.suse.com/pub/suse/i386/update/6.3/ap1/screen-3.9.8-0.i386.rpm

2c244140d346b16a3d5fb77e2cf1f860
source rpm:

ftp://ftp.suse.com/pub/suse/i386/update/6.3/zq1/screen-3.9.8-0.src.rpm

2c84eadb44a5694dc3088000fff5ec82

SuSE-6.2

ftp://ftp.suse.com/pub/suse/i386/update/6.2/ap1/screen-3.9.8-0.i386.rpm

a72973a281467a1b390453ba2cbf3b59
source rpm:

ftp://ftp.suse.com/pub/suse/i386/update/6.2/zq1/screen-3.9.8-0.src.rpm

a379e5b4ca81cf4118002c3064d1c3da

SuSE-6.1

ftp://ftp.suse.com/pub/suse/i386/update/6.1/ap1/screen-3.9.8-0.i386.rpm

d64479b7ba3740299acf717fe36c3834
source rpm:

ftp://ftp.suse.com/pub/suse/i386/update/6.1/zq1/screen-3.9.8-0.src.rpm

e0b08bc5887c40d9f6e3176936c7150b

SuSE-6.0
Please use the update packages from the 6.1 directory for
SuSE-6.0!

SuSE-5.3

ftp://ftp.suse.com/pub/suse/i386/update/5.3/ap1/screen-3.9.8-0.i386.rpm

cd3ef3bc018973d8907000a8a23bafb6
source rpm:

ftp://ftp.suse.com/pub/suse/i386/update/5.3/zq1/screen-3.9.8-0.src.rpm

f94c9664219649a2f2100344a88cdd22

Sparc Platform:

SuSE-7.0

ftp://ftp.suse.com/pub/suse/sparc/update/7.0/ap1/screen-3.9.8-0.sparc.rpm

3adce8a1bcf2464266d5db728b8d8af9
source rpm:

ftp://ftp.suse.com/pub/suse/sparc/update/7.0/zq1/screen-3.9.8-0.src.rpm

26b1186598be0f873732fa5bf7b7b77b

AXP Alpha Platform:

SuSE-6.4

ftp://ftp.suse.com/pub/suse/axp/update/6.4/ap1/screen-3.9.8-0.alpha.rpm

aa64d979f33d3c03b5bc0c5074892df8
source rpm:

ftp://ftp.suse.com/pub/suse/axp/update/6.4/zq1/screen-3.9.8-0.src.rpm

11f2261b54e8a329c8b0d1bfd9d0c96f

SuSE-6.3

ftp://ftp.suse.com/pub/suse/axp/update/6.3/ap1/screen-3.9.8-0.alpha.rpm

8e5acd8e3fe9efa7d82e2710489c7300
source rpm:

ftp://ftp.suse.com/pub/suse/axp/update/6.3/zq1/screen-3.9.8-0.src.rpm

6a1c04d9dd4f8c351e189a38f6f5d614

SuSE-6.1

ftp://ftp.suse.com/pub/suse/axp/update/6.1/ap1/screen-3.9.8-0.alpha.rpm

54828e3e9f0c72cc022fb35660c687e8
source rpm:

ftp://ftp.suse.com/pub/suse/axp/update/6.1/zq1/screen-3.9.8-0.src.rpm

e1ff18f05b40afa7849e7d07ae5b8755

PPC Power PC Platform:

SuSE-6.4

ftp://ftp.suse.com/pub/suse/ppc/update/6.4/ap1/screen-3.9.8-0.ppc.rpm

7418b948cf1e92622814c8aae3fa9aa6
source rpm:

ftp://ftp.suse.com/pub/suse/ppc/update/6.4/zq1/screen-3.9.8-0.src.rpm

25c8979ec0f63f09a3e39cdadf2ef657

SuSE-6.3

ftp://ftp.suse.com/pub/suse/ppc/update/6.3/ap1/screen-3.9.8-0.ppc.rpm

ea459ccb8c91b293e8b2b321df39be89
source rpm:

ftp://ftp.suse.com/pub/suse/ppc/update/6.3/zq1/screen-3.9.8-0.src.rpm

aa87f61ec2fa912be6c83711c0630129
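
The listing above pairs each URL with its md5sum on a following line, and several releases ship a file of the same name with a different checksum. The script below (an added example, not part of the advisory) extracts the entries for one release directory from a saved copy of the advisory and checks downloaded files against them; the function names are hypothetical and `md5sum` from coreutils is assumed.

```shell
#!/bin/sh
# Added example: build a checksum manifest from the advisory text and
# verify downloaded packages for a single release.

# advisory_manifest FILE RELEASE_PATH
#   RELEASE_PATH is the path fragment naming the release, for example
#   "i386/update/6.4". Output lines are "md5  filename".
advisory_manifest() {
    awk -v rel="/$2/" '
        /^ftp:\/\/.*\.rpm$/ {
            # Remember the package name only if the URL is for our release.
            name = ""
            if (index($0, rel)) { n = split($0, p, "/"); name = p[n] }
            next
        }
        # A checksum line is exactly 32 lowercase hex digits.
        name != "" && length($0) == 32 && $0 ~ /^[0-9a-f]+$/ {
            print $0 "  " name
            name = ""
        }
    ' "$1"
}

# verify_downloads FILE RELEASE_PATH DIR
#   Check every listed package that is present in DIR. Fails on the first
#   mismatch, and also fails if no listed package was found at all.
verify_downloads() {
    checked=0
    while read -r sum name; do
        [ -f "$3/$name" ] || continue
        actual=$(md5sum "$3/$name" | cut -d' ' -f1)
        if [ "$actual" != "$sum" ]; then
            echo "MISMATCH: $name" >&2
            return 1
        fi
        checked=$((checked + 1))
    done <<EOF
$(advisory_manifest "$1" "$2")
EOF
    [ "$checked" -gt 0 ]
}
```

A matching md5sum only shows the file is the one the advisory text names, so it is as trustworthy as the copy of the advisory it was read from; the `rpm --checksig` step described above remains a separate check.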


2) Pending vulnerabilities in SuSE Distributions and
Workarounds:

This section addresses currently known vulnerabilities in
Linux/Unix systems that have not been resolved yet as of the
release date of this advisory.

- zope

SuSE distributions before 7.0 do not contain zope as a package.
An updated package for the freshly released SuSE-7.0 is on the
way.

- xchat

A fix for the URL handler vulnerability is in progress and will
be released within a few days. There is currently no effective and
easy workaround other than removing the package by hand (`rpm -e
xchat'). More information on xchat can be found in xchat’s
documentation directory /usr/doc/packages/xchat or
/usr/share/doc/packages/xchat for SuSE-7.0.


3) standard appendix:

SuSE runs two security mailing lists to which any interested
party may subscribe:

[email protected]
- general/linux/SuSE security discussion.
All SuSE security announcements are sent to this list. To
subscribe, send an email to [email protected].

[email protected]

- SuSE’s announce-only mailing list.
Only SuSE’s security announcements are sent to this list. To
subscribe, send an email to [email protected].

For general information or the frequently asked questions (faq)
send mail to:
[email protected]
or
[email protected]
respectively.


SuSE’s security contact is [email protected].


Regards,
Roman Drahtmüller.

 -                                                                      -
| Roman Drahtmüller        [email protected] //          "Caution: Cape does |
  SuSE GmbH - Security           Phone: //       not enable user to fly."
| Nürnberg, Germany     +49-911-740530 // (Batman Costume warning label) |
 -                                                                      -