‹‹ 上一主题 | 下一主题 ››
发新话题
打印

screen 4.0.3 Local Authentication Bypass Vulnerability

ring04h

团队执行官

Rank: 8Rank: 8

E.S.T核心成员 社区主管

帖子
3921 
精华
128 
积分
209639 
阅读权限
200 
性别
男 
在线时间
1092 小时 
注册时间
2007-10-23 
最后登录
2008-7-9 

资料收集奖 运营支持奖

楼主 发表于 2007-6-12 01:08  只看该作者

screen 4.0.3 Local Authentication Bypass Vulnerability

复制内容到剪贴板
代码:
           _  _ _____ _   ___ _____ _  _
          / / / / ____/ /  / _/_ __/ / / /
         / /_/ / __/ / /  / / / / / /_/ /
         / __ / /___/ /____/ / / / / __ /
        /_/ /_/_____/_____/___/ /_/ /_/ /_/
              Helith - 0815
--------------------------------------------------------------------------------


Author: Rembrandt
Date: Known since somewhere in &cant_remember
Affected Software: screen <= 4.0.3
Type: Local
Type: Authentication Bypass

Greets go to: Helith and all affiliated People, t3c0, levent, str0ke,
       hdm, The EOF-Crew, rrlf, herm1t, Solar Designer, softxor,
       Packetstorm, FeFe, kscope, Zarathu, f0rg3, Mr. Joern Alles

Disrespect goes to: A Bank [/]
          And others included into this case...

Personal note: I wanna get MY STUFF BACK!
        This is the last "diplomatic" attemp made directly.
        Contact me if you`re interested into a deescalation.
        Nobody is interested into making the things even more complicated
        or? So make your choice. And you better hurry...
        And this is no blackmailing attemp but others may decide for you
        if you don`t do it.
        IMPORTENT: Turn your brain "ON" this time.
--------------------------------------------------------------------------------

I didn`t found a Adv. related to this so I decided to write one. :]

screen is vulnerable to a authentication bypass which allows local attackers
to gain system access in case screen was locked with a Password.

It has been tested on OpenBSD 4.1 + screen 4.0.3 on x86.

How to reproduce:

Lock screen using ctrl+x
Choose a Password
Confirm the Password

Screen asks for a Password to unlock the screen.
Just press ctrl+c.
2 seconds later the screen is unlocked and you`ve access.


Have fun!

TOP

‹‹ 上一主题 | 下一主题 ››
发新话题