Having some fun

Altiris · 09-12-2015, 01:30 PM

I am bored and wanted to play around with things, I noticed there was some vulnerability in screen 4.0.3-14 via https://bugs.debian.org/cgi-bin/bugr...cgi?bug=797624 and Slackware 14.1 uses 4.0.3 so I wanted to see if it were vulnerable so I went to the bug report here https://savannah.gnu.org/bugs/?45713 and tried reproducing which someone says to put "printf '\x1b[10000000T'" without "" in a screen session. I did that but it doesn't seem to do anything, screen -list will report that it is dead. Is this part of the vulnerability? How exactly do I check if this is reproducible?

volkerdi · 09-12-2015, 02:33 PM

It seems like a real stretch to call this screen bug a "vulnerability." But I guess that's par for the course these days.

Altiris · 09-12-2015, 11:04 PM

Quote:

Originally Posted by volkerdi

It seems like a real stretch to call this screen bug a "vulnerability." But I guess that's par for the course these days.

I don't know, I am not an expert on this stuff, that is what Debian marked it as such https://www.debian.org/security/2015/dsa-3352 I was just looking at things and was bored so I tried reproducing it.

unSpawn · 09-13-2015, 03:48 AM

CVE-2015-6806 discussion