Skip Navigation

  • Home
  • Contact us
  • FAQ
  • Glossary
  • Public key
  • Sitemap
  • Cymraeg
  • What's new
CPNI - Centre for the Protection of National Infastructure

Advanced search

  • About CPNI
  • The threats
  • Security planning
  • Methods of attack
  • Protecting your assets
  • Products and services
    • CSIRTUK advisories
      • Advisories archive
    • General protective security publications
    • InfoSec briefings
    • InfoSec technical notes
    • InfoSec vulnerability disclosures
    • Good practice guidelines
    • Viewpoints
    • Information exchanges
    • Risk Management Delivery Group
  • Research
Home > Products and services > CSIRTUK advisories > Advisories archive > October 2006 > OpenPKG Security Advisory: OpenPKG-SA-2006.026 - screen

October 2006

OpenPKG Security Advisory: OpenPKG-SA-2006.026 - screen

ID: 00724
Ref: 692/2006
Date: 30 October 2006:15:03:53
Version: 1
Title: OpenPKG Security Advisory: OpenPKG-SA-2006.026 - screen
Abstract:
Vendors affected: OpenPKG
Operating systems affected: OpenPKG
Applications affected: OpenPKG
Title
=====

OpenPKG Security Advisory: OpenPKG-SA-2006.026 - screen

Detail
======

According to a vendor release announcement [0], a denial of service
vulnerability exists in the virtual terminal application GNU screen
[1], version 4.0.2 and earlier. The vulnerabilities exist in the
handling of "UTF-8 combining characters" and allow user-assisted
attackers to cause a Denial of Service (crash or hang of GNU screen)
via certain UTF-8 character sequences. The Common Vulnerabilities
and Exposures (CVE) project assigned the id CVE-2006-4573 [2] to the
problem.


- -----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

________________________________________________________________________

OpenPKG Security Advisory OpenPKG GmbH
http://www.openpkg.org/security/ http://openpkg.com
OpenPKG-SA-2006.026 2006-10-26
________________________________________________________________________

Package: screen
Vulnerability: denial of service
OpenPKG Specific: no

Affected Series: Affected Packages: Corrected Packages:
1.0-ENTERPRISE n.a. >= screen-4.0.3-E1.0.0
2-STABLE-20061018 <= screen-4.0.2-2.20061018 >= screen-4.0.3-2.20061023
2-STABLE <= screen-4.0.2-2.20061018 >= screen-4.0.3-2.20061023
CURRENT <= screen-4.0.2-20061013 >= screen-4.0.3-20061023

Description:
According to a vendor release announcement [0], a denial of service
vulnerability exists in the virtual terminal application GNU screen
[1], version 4.0.2 and earlier. The vulnerabilities exist in the
handling of "UTF-8 combining characters" and allow user-assisted
attackers to cause a Denial of Service (crash or hang of GNU screen)
via certain UTF-8 character sequences. The Common Vulnerabilities
and Exposures (CVE) project assigned the id CVE-2006-4573 [2] to the
problem.
________________________________________________________________________

References:
[0] http://lists.gnu.org/archive/html/screen-users/2006-10/msg00028.html
[1] http://www.gnu.org/software/screen/
[2] http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-4573
________________________________________________________________________

For security reasons, this advisory was digitally signed with the
OpenPGP public key "OpenPKG " (ID 63C4CB9F) which
you can retrieve from http://www.openpkg.org/openpkg.pgp. Follow the
instructions on http://www.openpkg.org/security/signatures/ for details
on how to verify the integrity of this advisory.
________________________________________________________________________

- -----BEGIN PGP SIGNATURE-----
Comment: OpenPKG

iD8DBQFFQFNOgHWT4GPEy58RAkWTAJ9gxJwcgTQOL0NzAHK9xtLxlbgOtwCgkGwb
uu2qkj9SuoBw0Pjv7vI6hFo=
=oW1b
- -----END PGP SIGNATURE-----
  • Accessibility |
  • Terms and conditions |
  • Privacy statement |
  • Data protection act |
  • Freedom of information |