
screen-unlock.txt

07 Jun 2007 00:00:00 | Reported by Rembrandt | Type: packetstorm | packetstormsecurity.com | 32 Views

Authentication bypass in screen versions up to 4.0.3 allows a local attacker to gain access when the screen is locked with a password.

Code
` _ _ _____ _ ___ _____ _ _  
/ / / / ____/ / / _/_ __/ / / /  
/ /_/ / __/ / / / / / / / /_/ /  
/ __ / /___/ /____/ / / / / __ /  
/_/ /_/_____/_____/___/ /_/ /_/ /_/  
Helith - 0815  
--------------------------------------------------------------------------------  
  
  
Author: Rembrandt  
Date: Known since somewhere in &cant_remember  
Affected Software: screen <= 4.0.3  
Type: Local  
Type: Authentication Bypass  
  
Greets go to: Helith and all affiliated People, t3c0, levent, str0ke,  
hdm, The EOF-Crew, rrlf, herm1t, Solar Designer, softxor,  
Packetstorm, FeFe, kscope, Zarathu, f0rg3, Mr. Joern Alles  
  
Disrespect goes to: A Bank [/]  
And others included into this case...  
  
Personal note: I wanna get MY STUFF BACK!  
This is the last "diplomatic" attempt made directly.  
Contact me if you're interested in a deescalation.  
Nobody is interested in making the things even more complicated  
or? So make your choice. And you better hurry...  
And this is no blackmailing attempt but others may decide for you  
if you don't do it.  
IMPORTANT: Turn your brain "ON" this time.  
--------------------------------------------------------------------------------  
  
I didn't find an Adv. related to this so I decided to write one. :]  
  
screen is vulnerable to an authentication bypass which allows local attackers  
to gain system access in case screen was locked with a Password.  
  
It has been tested on OpenBSD 4.1 + screen 4.0.3 on x86.  
  
How to reproduce:  
  
Lock screen using ctrl+x  
Choose a Password  
Confirm the Password  
  
Screen asks for a Password to unlock the screen.  
Just press ctrl+c.  
2 seconds later the screen is unlocked and you've access.  
  
  
Have fun!  
  
`
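
A defender-side check for the affected range stated in the advisory, as an added example that is not part of the original advisory: it parses the banner printed by `screen -v` (zero-padded, e.g. `4.00.03`) and compares it numerically with 4.0.3. The function names and the `--check` switch are assumptions made for this example; a match only means the version is inside the advisory's stated range, not that the lock can actually be bypassed on that host.

```sh
#!/bin/sh
# Added example (not from the advisory): flag screen builds that fall in the
# advisory's stated affected range, "screen <= 4.0.3".

# Exit status: 0 = version <= 4.0.3, 1 = newer, 2 = banner not recognised.
# `screen -v` prints zero-padded fields (e.g. "4.00.03"), so compare the
# fields numerically instead of comparing strings.
screen_is_affected() {
    printf '%s\n' "$1" | awk '
        match($0, /version [0-9]+\.[0-9]+\.[0-9]+/) {
            # Skip the 8 characters of "version " and split the three fields.
            split(substr($0, RSTART + 8, RLENGTH - 8), v, ".")
            n = v[1] * 1000000 + v[2] * 1000 + v[3]
            exit ((n <= 4000003) ? 0 : 1)
        }
        { exit 2 }'
}

# Report on the screen binary found in PATH on this host.
check_installed_screen() {
    command -v screen >/dev/null 2>&1 || { echo "screen: not installed"; return 3; }
    # Some builds exit non-zero after printing the banner, so ignore the status.
    banner=$(screen -v 2>/dev/null) || true
    rc=0
    screen_is_affected "$banner" || rc=$?
    case $rc in
        0) echo "AFFECTED RANGE (<= 4.0.3): $banner" ;;
        1) echo "outside advisory range: $banner" ;;
        *) echo "could not parse: $banner" ;;
    esac
    return "$rc"
}

# Run the host check only when asked, e.g.: sh check_screen.sh --check
if [ "${1:-}" = "--check" ]; then
    check_installed_screen
fi
```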

Vulners AI Score: 7.4 (High risk)