[MBT] new entry in pkg screen "allows local users to execute arbitrary code"
bugs at pld-linux.org
bugs at pld-linux.org
Mon Feb 2 12:10:47 CET 2004
Date: 2004-02-02 12:10:46+01 Author: Jakub Bogusz (qboosh) <qboosh at pld-linux.org>
Title: allows local users to execute arbitrary code
Ticket ID: #811
Ticket URL: http://bugs.pld-linux.org/?bug=811
Package: screen-1:3.9.13-3
Distribution: PLD-1.0.main
Category: security problem
Current state: resolving state
Text:
Low risk in PLD - thanks to ptys and utempter usage screen
doesn't use any privileges elevation (no suid/sgid).
The only issue may be when some program (say A) prints output
of other (possibly remote) program which can print such evil
string and execute arbitrary code with privileges of user
which ran A.
*** State changed to 'resolving state'
More information about the pld-bugs
mailing list