Lumension® Endpoint Intelligence Center


Overview

Vulnerability Score: 10.0
CVE Id: CVE-2003-0972
Last Modified: 10 Sep 2008 03:21:02
Published: 15 Dec 2003 12:00:00
Confidentiality Impact: COMPLETE
Integrity Impact: COMPLETE
Availability Impact: COMPLETE
Access Vector: NETWORK
Access Complexity: LOW
Authentication: NONE

CVE-2003-0972

Summary

Integer signedness error in ansi.c for GNU screen 4.0.1 and earlier, and 3.9.15 and earlier, allows local users to execute arbitrary code via a large number of ";" (semicolon) characters in escape sequences, which leads to a buffer overflow.

Vulnerable Systems

Application

  • GNU Screen 3.9.10
  • GNU Screen 3.9.11
  • GNU Screen 3.9.13
  • GNU Screen 3.9.15
  • GNU Screen 3.9.4
  • GNU Screen 3.9.8
  • GNU Screen 3.9.9
  • GNU Screen 4.0.1


References

DEBIAN - DSA-408

CONFIRM - http://groups.yahoo.com/group/gnu-screen/message/3118

MANDRAKE - MDKSA-2003:113

SECUNIA - 10539

BUGTRAQ - 20031127 GNU screen buffer overflow

CONECTIVA - CLA-2004:809


Last Updated: 27 May 2016 10:38:07