Multiple security issues in Screen

by
jzb
from LWN.net on (#6X7TE)

The SUSE Security Team has publishedan article detailing several securityissues it has uncovered with GNU Screen. This includesa local root exploit when Screen is shipped setuid-root, as it is insome Linux and BSD distributions. The security team also reports problemsin coordinating disclosure with the upstream Screen project.

We are not satisfied with how this coordinated disclosure developed,and we will try to be more attentive to such problematic situationsearly on in the future. This experience also sheds light on theoverall situation of Screen upstream. It looks like it suffers from alack of manpower and expertise, which is worrying for such awidespread open source utility. We hope this publication can help todraw attention to this and to improve this situation in the future.

The article includes a tableof operating systems, screen versions, and which vulnerabilities theymay be affected by.

External Content
Source RSS or Atom Feed
Feed Location http://lwn.net/headlines/rss
Feed Title LWN.net
Feed Link https://lwn.net/
Reply 0 comments