Executive Summary
| Summary | |
|---|---|
| Title | New screen packages fix arbitrary code execution |
| Informations | |||
|---|---|---|---|
| Name | DSA-1202 | First vendor Publication | 2006-10-31 |
| Vendor | Debian | Last vendor Modification | 2006-10-31 |
| Severity (Vendor) | N/A | Revision | 1 |
Security-Database Scoring CVSS v3
| Cvss vector : N/A | |||
|---|---|---|---|
| Overall CVSS Score | NA | ||
| Base Score | NA | Environmental Score | NA |
| impact SubScore | NA | Temporal Score | NA |
| Exploitabality Sub Score | NA | ||
| Calculate full CVSS 3.0 Vectors scores | |||
Security-Database Scoring CVSS v2
| Cvss vector : (AV:N/AC:H/Au:N/C:N/I:N/A:P) | |||
|---|---|---|---|
| Cvss Base Score | 2.6 | Attack Range | Network |
| Cvss Impact Score | 2.9 | Attack Complexity | High |
| Cvss Expoit Score | 4.9 | Authentication | None Required |
| Calculate full CVSS 2.0 Vectors scores | |||
Detail
| "cstone" and Rich Felker discovered that specially crafted UTF-8 sequences may lead an out of bands memory write when displayed inside the screen terminal multiplexer, allowing denial of service and potentially the execution of arbitrary code. For the stable distribution (sarge) this problem has been fixed in version 4.0.2-4.1sarge1. Due to technical problems with the security buildd infrastructure this update lacks a build for the Sun Sparc architecture. It will be released as soon as the problems are resolved. For the unstable distribution (sid) this problem has been fixed in version 4.0.3-0.1. We recommend that you upgrade your screen package. |
Original Source
| Url : http://www.debian.org/security/2006/dsa-1202 |
CPE : Common Platform Enumeration
OpenVAS Exploits
| Date | Description |
|---|---|
| 2009-11-17 | Name : Mac OS X Version File : nvt/macosx_version.nasl |
| 2009-10-10 | Name : SLES9: Security update for screen File : nvt/sles9p5013100.nasl |
| 2008-09-24 | Name : Gentoo Security Advisory GLSA 200611-01 (screen) File : nvt/glsa_200611_01.nasl |
| 2008-09-04 | Name : FreeBSD Ports: screen File : nvt/freebsd_screen.nasl |
| 2008-01-17 | Name : Debian Security Advisory DSA 1202-1 (screen) File : nvt/deb_1202_1.nasl |
| 0000-00-00 | Name : Slackware Advisory SSA:2006-307-02 screen File : nvt/esoft_slk_ssa_2006_307_02.nasl |
Open Source Vulnerability Database (OSVDB)
| Id | Description |
|---|---|
| 29905 | GNU Screen UTF-8 DoS |
Nessus® Vulnerability Scanner
| Date | Description |
|---|---|
| 2009-09-24 | Name : The remote SuSE 9 host is missing a security-related patch. File : suse9_11260.nasl - Type : ACT_GATHER_INFO |
| 2007-12-13 | Name : The remote SuSE 10 host is missing a security-related patch. File : suse_screen-2199.nasl - Type : ACT_GATHER_INFO |
| 2007-11-10 | Name : The remote Ubuntu host is missing a security-related patch. File : ubuntu_USN-370-1.nasl - Type : ACT_GATHER_INFO |
| 2007-10-17 | Name : The remote openSUSE host is missing a security update. File : suse_screen-2198.nasl - Type : ACT_GATHER_INFO |
| 2007-05-25 | Name : The remote host is missing a Mac OS X update that fixes several security issues. File : macosx_SecUpd2007-005.nasl - Type : ACT_GATHER_INFO |
| 2007-02-18 | Name : The remote Slackware host is missing a security update. File : Slackware_SSA_2006-307-02.nasl - Type : ACT_GATHER_INFO |
| 2007-02-18 | Name : The remote Mandrake Linux host is missing a security update. File : mandrake_MDKSA-2006-191.nasl - Type : ACT_GATHER_INFO |
| 2006-11-06 | Name : The remote Debian host is missing a security-related update. File : debian_DSA-1202.nasl - Type : ACT_GATHER_INFO |
| 2006-11-06 | Name : The remote Gentoo host is missing one or more security-related patches. File : gentoo_GLSA-200611-01.nasl - Type : ACT_GATHER_INFO |
| 2006-10-30 | Name : The remote FreeBSD host is missing a security-related update. File : freebsd_pkg_b318dc8c675611db83c3000c6ec775d9.nasl - Type : ACT_GATHER_INFO |
Alert History
| Date | Informations |
|---|---|
| 2014-02-17 11:26:18 |
|
