Red Hat Bugzilla – Bug 212057
CVE-2006-4573 screen buffer overflow
Last modified: 2007-11-30 17:11:46 EST
+++ This bug was initially created as a clone of Bug #212056 +++
From the screen-users mailing list:
I've just released screen-4.0.3. This is not the promised next version
with vertical split and other cool things, but just a security release
that fixes two bugs in the utf8 combining characters handling. The
bugs could be used to crash/hang screen by writing a special string
to a window.
The fixed version is (as usual) available via:
Credits go to cstone & Rich Felker for finding the bugs.
Kees Cook of Ubuntu analysed this issue and determined that it's likely an
exploitable issue, but it's non trivial to exploit. This will require a fair
amount of user interaction to exploit, thus the low severity.
This issue also affects FC5
Now I make it for devel. I'll update FC-6 soon.