[Top][All Lists]
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
[screen-devel] Re: Insecure handling of /tmp/screen-exchange
From: |
Moritz Muehlenhoff |
Subject: |
[screen-devel] Re: Insecure handling of /tmp/screen-exchange |
Date: |
Wed, 1 Apr 2009 23:35:36 +0200 |
User-agent: |
Mutt/1.5.18 (2008-05-17) |
On Wed, Apr 01, 2009 at 02:28:24PM -0700, Adam Lazur wrote:
> Moritz Muehlenhoff (address@hidden) said:
> > Hi,
> > http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=521123 has been assigned
> > CVE-2009-1215 and CVE-2009-1214.
> >
> > Can you tell us under what circumstances /tmp/screen-exchange is created,
> > so that the risk/required action can be estimated?
>
> writebuf and readbuf (bound to C-a < and C-a >)
>
> It's used by some people to transfer buffers between different screen
> processes.
>
> In practice, I don't know of anyone who regularly uses this... but the
> screen user community is large and ridiculously strange/diverse.
Ok, can you or Jan Christop provide updated packages for oldstable-security
and stable-security?
Cheers,
Moritz