screen: CVE-2015-6806: DoS attack via stack overflow via terminal control codes

Related Vulnerabilities: CVE-2015-6806  

Debian Bug report logs - #797624

Package: screen; Maintainer for screen is Axel Beckert <abe@debian.org>; Source for screen is src:screen.

Reported by: Axel Beckert <abe@debian.org>

Date: Mon, 31 Aug 2015 22:45:01 UTC

Severity: important

Tags: confirmed, fixed-upstream, patch, security

Found in version screen/4.0.3-14

Fixed in versions 4.2.1-3+deb8u1, 4.1.0~20120320gitdb59704-7+deb7u1, screen/4.3.1-2, screen/4.0.3-14+deb6u1

Done: Scott Kitterman <scott@kitterman.com>

Bug is archived. No further changes may be made.

Forwarded to https://savannah.gnu.org/bugs/?45713



Report forwarded to debian-bugs-dist@lists.debian.org, abe@debian.org:
Bug#797624; Package screen. (Mon, 31 Aug 2015 22:45:05 GMT).


Acknowledgement sent to Axel Beckert <abe@debian.org>:
New Bug report received and forwarded. Copy sent to abe@debian.org. (Mon, 31 Aug 2015 22:45:05 GMT).


Message #5 received at submit@bugs.debian.org:

From: Axel Beckert <abe@debian.org>
To: Debian Bug Tracking System <submit@bugs.debian.org>
Subject: screen: DoS attack via stack overflow via terminal control codes
Date: Tue, 01 Sep 2015 00:42:02 +0200
Package: screen
Version: 4.0.3-14
Severity: important
Tags: security patch fixed-upstream
Control: forwarded -1 https://savannah.gnu.org/bugs/?45713

GNU Screen upstream fixed the following crash of the SCREEN server
process in git:

http://git.savannah.gnu.org/cgit/screen.git/commit/?id=b7484c224738247b510ed0d268cd577076958f1b

The corresponding upstream bug report is at
https://savannah.gnu.org/bugs/?45713

I can reproduce the issue on Jessie, Wheezy and Squeeze and since it has
been fixed upstream in the screen-v4 branch, Stretch and Sid are surely
affected, too.

The effect is that the SCREEN server process dies without the screen client
process noticing; the client process freezes and, until it's killed, a
SCREEN server zombie process is left over.

Hence this can be used to cause a denial of service attack by tricking a
user into e.g. displaying a file with "cat" inside screen.



Set Bug forwarded-to-address to 'https://savannah.gnu.org/bugs/?45713'. Request was from Axel Beckert <abe@debian.org> to submit@bugs.debian.org. (Mon, 31 Aug 2015 22:45:05 GMT).


Added tag(s) confirmed and pending. Request was from Axel Beckert <abe@debian.org> to control@bugs.debian.org. (Mon, 31 Aug 2015 23:51:06 GMT).


Reply sent to Axel Beckert <abe@debian.org>:
You have taken responsibility. (Tue, 01 Sep 2015 15:33:13 GMT).


Notification sent to Axel Beckert <abe@debian.org>:
Bug acknowledged by developer. (Tue, 01 Sep 2015 15:33:14 GMT).


Message #14 received at 797624-close@bugs.debian.org:

From: Axel Beckert <abe@debian.org>
To: 797624-close@bugs.debian.org
Subject: Bug#797624: fixed in screen 4.3.1-2
Date: Tue, 01 Sep 2015 15:31:10 +0000
Source: screen
Source-Version: 4.3.1-2

We believe that the bug you reported is fixed in the latest version of
screen, which is due to be installed in the Debian FTP archive.

A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to 797624@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Axel Beckert <abe@debian.org> (supplier of updated screen package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmaster@ftp-master.debian.org)



Format: 1.8
Date: Tue, 01 Sep 2015 17:07:42 +0200
Source: screen
Binary: screen screen-dbg
Architecture: source amd64
Version: 4.3.1-2
Distribution: unstable
Urgency: high
Maintainer: Axel Beckert <abe@debian.org>
Changed-By: Axel Beckert <abe@debian.org>
Description:
 screen     - terminal multiplexer with VT100/ANSI terminal emulation
 screen-dbg - Debugging symbols for GNU Screen
Closes: 609656 796690 797624
Changes:
 screen (4.3.1-2) unstable; urgency=high
 .
   * Cherry-pick upstream patch to fix a stack overflow which can be used
     to crash the SCREEN server process and hence can be used for denial of
     service (and possibly even worse) attacks. (Closes: #797624)
   * Suggest ncurses-term as it can solve cases where screen refuses to
     work due to an unknown terminal given in $TERM. (Closes: #609656)
   * Remove Jan Christoph Nordholz from Uploaders as suggested by the MIA
     team. Thanks for all your work on screen, Jan!
   * Override lintian warning systemd-no-service-for-init-rcS-script, it's
     a false positive. (More or less closes: #796690)




Changed Bug title to 'screen: CVE-2015-6806: DoS attack via stack overflow via terminal control codes' from 'screen: DoS attack via stack overflow via terminal control codes'. Request was from Salvatore Bonaccorso <carnil@debian.org> to control@bugs.debian.org. (Thu, 03 Sep 2015 05:36:04 GMT).


Marked as fixed in versions 4.1.0~20120320gitdb59704-7+deb7u1. Request was from Salvatore Bonaccorso <carnil@debian.org> to control@bugs.debian.org. (Fri, 04 Sep 2015 08:57:20 GMT).


Marked as fixed in versions 4.2.1-3+deb8u1. Request was from Salvatore Bonaccorso <carnil@debian.org> to control@bugs.debian.org. (Fri, 04 Sep 2015 08:57:21 GMT).


Reply sent to Scott Kitterman <scott@kitterman.com>:
You have taken responsibility. (Sat, 05 Sep 2015 22:09:27 GMT).


Notification sent to Axel Beckert <abe@debian.org>:
Bug acknowledged by developer. (Sat, 05 Sep 2015 22:09:27 GMT).


Message #25 received at 797624-close@bugs.debian.org:

From: Scott Kitterman <scott@kitterman.com>
To: 797624-close@bugs.debian.org
Subject: Bug#797624: fixed in screen 4.0.3-14+deb6u1
Date: Sat, 05 Sep 2015 22:07:39 +0000
Source: screen
Source-Version: 4.0.3-14+deb6u1

We believe that the bug you reported is fixed in the latest version of
screen, which is due to be installed in the Debian FTP archive.

A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to 797624@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Scott Kitterman <scott@kitterman.com> (supplier of updated screen package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmaster@ftp-master.debian.org)



Format: 1.8
Date: Sat, 05 Sep 2015 16:48:47 -0400
Source: screen
Binary: screen
Architecture: source amd64
Version: 4.0.3-14+deb6u1
Distribution: squeeze-lts
Urgency: high
Maintainer: Jan Christoph Nordholz <hesso@pool.math.tu-berlin.de>
Changed-By: Scott Kitterman <scott@kitterman.com>
Description: 
 screen     - terminal multiplexor with VT100/ANSI terminal emulation
Closes: 797624
Changes: 
 screen (4.0.3-14+deb6u1) squeeze-lts; urgency=high
 .
   * Fix stack overflow due to too deep recursion (CVE-2015-6806). (Closes:
     #797624)
     - Add debian/patches/61denial-of-service-stack-overflow-fix.dpatch to
       apply upstream fix




Bug archived. Request was from Debbugs Internal Request <owner@bugs.debian.org> to internal_control@bugs.debian.org. (Sun, 04 Oct 2015 07:40:27 GMT).




Debian bug tracking system administrator <owner@bugs.debian.org>. Last modified: Wed Jun 19 15:27:27 2019; Machine Name: beach
