
Re: [LIH] (fwd) SuSE Security Announcement: screen



Neither RH 6.1 (as per Suresh) nor 6.2 (as per my own computer) needs
to be upgraded.  You need to upgrade ONLY IF screen is setuid root in
your distribution.

Regards,

-- Raju

P.S. Even if it isn't (setuid root), you can of course still get an
exploit which will give you a shell with your own UID; I don't
consider this a security hole, but the schizophrenics amongst you may
;-)

>>>>> "Suresh" == Suresh Ramasubramanian <sureshr@xxxxxxx> writes:

    Suresh> [snip]

    Suresh> Hmmm... my screen is not installed with setuid (and this
    Suresh> is a redhat 6.1 pcq box upgraded in bits and patches to
    Suresh> pinstripe <rh 6.9.5 - that is, 7 beta)

    Suresh> [mallet@mjollnir] ~$ ls -l `which screen`
    Suresh> -rwxr-xr-x 1 root root 236404 Aug 18 1999 /usr/bin/screen*

    Suresh> -suresh
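
The check this thread turns on (is `screen` installed setuid root?), written as an added example that is not part of the original messages. `setuid_status` is a hypothetical helper name; it accepts a command name or a path and follows symlinks so a link to a setuid binary is not missed.

```shell
#!/bin/sh
# Added example: report whether a binary carries the setuid bit and who owns it.
# setuid_status is a hypothetical helper, not a tool mentioned in the thread.
# Prints one of: missing | not-setuid | setuid-root | setuid-other
setuid_status() {
    target=$1
    # A bare command name is looked up on PATH; anything with a slash is a path.
    case $target in
        */*) path=$target ;;
        *)   path=$(command -v "$target" 2>/dev/null) || path= ;;
    esac

    # Aliases, shell functions and unknown names do not resolve to a file.
    if [ -z "$path" ] || [ ! -f "$path" ]; then
        echo missing
        return 0
    fi

    # test -u is true only when the set-user-ID bit is set (symlinks followed).
    if [ ! -u "$path" ]; then
        echo not-setuid
        return 0
    fi

    # -n prints the numeric owner, -L dereferences symlinks; field 3 is the UID.
    owner=$(ls -lnLd -- "$path" | awk '{print $3}')
    if [ "$owner" = 0 ]; then
        echo setuid-root      # the only case the advisory's upgrade applies to
    else
        echo setuid-other     # setuid, but the process runs as a non-root owner
    fi
}

# Check every name or path given on the command line, e.g.: sh check.sh screen
for b in "$@"; do
    printf '%s: %s\n' "$b" "$(setuid_status "$b")"
done
```

For the listing quoted above (`-rwxr-xr-x`, owner root) this reports `not-setuid`; a mode string of `-rwsr-xr-x` with owner root would report `setuid-root`.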