Helith - 0815
Author: Rembrandt
Date: Known since somewhere in &cant_remember
Affected Software: screen <= 4.0.3
Type: Local
Type: Authentication Bypass
Greets go to: Helith and all affiliated People, t3c0, levent, str0ke,
hdm, The EOF-Crew, rrlf, herm1t, Solar Designer, softxor,
Packetstorm, FeFe, kscope, Zarathu, f0rg3, Mr. Joern Alles
Disrespect goes to: A Bank [/]
And others included into this case…
I didn't find an Adv. related to this so I decided to write one. :]
screen is vulnerable to an authentication bypass which allows local attackers
to gain system access when screen has been locked with a password.
It has been tested on OpenBSD 4.1 + screen 4.0.3 on x86.
How to reproduce:
Lock screen using ctrl+x
Choose a Password
Confirm the Password
Screen asks for a Password to unlock the screen.
Just press ctrl+c and it displays "Getpass error".
2 seconds later the screen is unlocked and you have access.
Have fun!
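
The behaviour in the steps above (an error at the password prompt, a pause, then an unlocked session) is consistent with a lock routine that fails open when reading the password returns an error. The C code below is an added example, not screen's source and not the author's code; the function names, the reader callback, the sample password and the max_prompts bound (a real lock would loop until the password matches) are assumptions made so the fail-open and fail-closed patterns can be compared.

```c
#include <stdio.h>
#include <string.h>

/* Assumed reader type: returns the typed password, or NULL when the read
 * fails (for example an interrupted prompt), as getpass(3) can. */
typedef const char *(*read_pw_fn)(void *ctx);
enum lock_result { STILL_LOCKED = 0, UNLOCKED = 1 };

/* Fail-open: a read error ends the lock routine, and returning from the
 * lock routine is what hands the session back to whoever is at the keyboard. */
enum lock_result lock_fail_open(const char *secret, read_pw_fn rd, void *ctx,
                                int max_prompts)
{
    for (int i = 0; i < max_prompts; i++) {
        const char *typed = rd(ctx);
        if (typed == NULL)
            return UNLOCKED;            /* error path skips the comparison */
        if (strcmp(typed, secret) == 0)
            return UNLOCKED;
    }
    return STILL_LOCKED;
}

/* Fail-closed: only a matching password unlocks; a read error counts as a
 * failed attempt and the prompt is shown again. */
enum lock_result lock_fail_closed(const char *secret, read_pw_fn rd, void *ctx,
                                  int max_prompts)
{
    for (int i = 0; i < max_prompts; i++) {
        const char *typed = rd(ctx);
        if (typed != NULL && strcmp(typed, secret) == 0)
            return UNLOCKED;
    }
    return STILL_LOCKED;
}

/* Constructed sample input: replays scripted attempts; a NULL entry stands
 * for an interrupted prompt. */
struct script { const char **attempts; size_t n, pos; };
const char *scripted_reader(void *ctx)
{
    struct script *s = ctx;
    return s->pos < s->n ? s->attempts[s->pos++] : NULL;
}

int main(void)
{
    const char *interrupted[] = { NULL };
    struct script a = { interrupted, 1, 0 }, b = { interrupted, 1, 0 };
    printf("fail-open:   %d\n", lock_fail_open("s3cret", scripted_reader, &a, 3));
    printf("fail-closed: %d\n", lock_fail_closed("s3cret", scripted_reader, &b, 3));
    return 0;
}
```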