[screen-devel] Re: Insecure handling of /tmp/screen-exchange

screen-devel

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[screen-devel] Re: Insecure handling of /tmp/screen-exchange

From:	Moritz Muehlenhoff
Subject:	[screen-devel] Re: Insecure handling of /tmp/screen-exchange
Date:	Wed, 1 Apr 2009 23:35:36 +0200
User-agent:	Mutt/1.5.18 (2008-05-17)

On Wed, Apr 01, 2009 at 02:28:24PM -0700, Adam Lazur wrote:
> Moritz Muehlenhoff (address@hidden) said:
> > Hi,
> > http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=521123 has been assigned
> > CVE-2009-1215 and CVE-2009-1214. 
> > 
> > Can you tell us under what circumstances /tmp/screen-exchange is created,
> > so that the risk/required action can be estimated?
> 
> writebuf and readbuf (bound to C-a < and C-a >)
> 
> It's used by some people to transfer buffers between different screen
> processes.
> 
> In practice, I don't know of anyone who regularly uses this... but the
> screen user community is large and ridiculously strange/diverse.

Ok, can you or Jan Christop provide updated packages for oldstable-security
and stable-security?

Cheers,
        Moritz

[Prev in Thread]

Current Thread

[Next in Thread]

[screen-devel] Re: Insecure handling of /tmp/screen-exchange, Adam Lazur, 2009/04/02
- [screen-devel] Re: Insecure handling of /tmp/screen-exchange, Moritz Muehlenhoff <=
  - [screen-devel] Re: Insecure handling of /tmp/screen-exchange, Jan Christoph Nordholz, 2009/04/01

Prev by Date: [screen-devel] Re: Insecure handling of /tmp/screen-exchange
Previous by thread: [screen-devel] Re: Insecure handling of /tmp/screen-exchange
Next by thread: [screen-devel] Re: Insecure handling of /tmp/screen-exchange
Index(es):
- Date
- Thread