Red Hat Bugzilla – Bug 212056
CVE-2006-4573 screen buffer overflow
Last modified: 2011-08-02 14:32:12 EDT
From the screen-users mailing list:
I've just released screen-4.0.3. This is not the promised next version
with vertical split and other cool things, but just a security release
that fixes two bugs in the utf8 combining characters handling. The
bugs could be used to crash/hang screen by writing a special string
to a window.
The fixed version is (as usual) available via:
Credits go to cstone & Rich Felker for finding the bugs.
Kees Cook of Ubuntu analysed this issue and determined that it's likely an
exploitable issue, but it's non trivial to exploit. This will require a fair
amount of user interaction to exploit, thus the low severity.
This issue also likely affects RHEL2.1 and RHEL3
Solved in rawhide.
New version, fix bugs from comment#1
Please update on screen-4.0.3 and higher.
Red Hat no longer plans to fix this issue in Red Hat Enterprise Linux 4.