ID CVE-2006-4573
Summary Multiple unspecified vulnerabilities in the "utf8 combining characters handling" (utf8_handle_comb function in encoding.c) in screen before 4.0.3 allows user-assisted attackers to cause a denial of service (crash or hang) via certain UTF8 sequences.
References
Vulnerable Configurations
  • GNU screen 4.0.2
    cpe:2.3:a:gnu:screen:4.0.2
CVSS
Base: 2.6 (as of 24-10-2006 - 15:34)
Impact:
Exploitability:
Access
VectorComplexityAuthentication
NETWORK HIGH NONE
Impact
ConfidentialityIntegrityAvailability
NONE NONE PARTIAL
nessus via4
  • NASL family Debian Local Security Checks
    NASL id DEBIAN_DSA-1202.NASL
    description 'cstone' and Rich Felker discovered that specially crafted UTF-8 sequences may lead an out of bands memory write when displayed inside the screen terminal multiplexer, allowing denial of service and potentially the execution of arbitrary code.
    last seen 2019-02-21
    modified 2018-08-09
    plugin id 22934
    published 2006-11-06
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=22934
    title Debian DSA-1202-1 : screen - programming error
  • NASL family MacOS X Local Security Checks
    NASL id MACOSX_SECUPD2007-005.NASL
    description The remote host is running a version of Mac OS X 10.4 or 10.3 that does not have Security Update 2007-005 applied. This update fixes security flaws in the following applications : Alias Manager BIND CoreGraphics crontabs fetchmail file iChat mDNSResponder PPP ruby screen texinfo VPN
    last seen 2019-02-21
    modified 2018-07-14
    plugin id 25297
    published 2007-05-25
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=25297
    title Mac OS X Multiple Vulnerabilities (Security Update 2007-005)
  • NASL family SuSE Local Security Checks
    NASL id SUSE_SCREEN-2199.NASL
    description A special formed UTF-8 sequence in text could be used to crash the terminal multitasker screen by overwriting memory in the heap. This is potentially exploitable to execute code. (CVE-2006-4573)
    last seen 2019-02-21
    modified 2012-05-17
    plugin id 29578
    published 2007-12-13
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=29578
    title SuSE 10 Security Update : screen (ZYPP Patch Number 2199)
  • NASL family FreeBSD Local Security Checks
    NASL id FREEBSD_PKG_B318DC8C675611DB83C3000C6EC775D9.NASL
    description A vulnerability in the handling of combined UTF-8 characters in screen may allow an user-assisted attacker to crash screen or potentially allow code execution as the user running screen. To exploit this issue the user running scren must in some way interact with the attacker.
    last seen 2019-02-21
    modified 2018-12-19
    plugin id 22925
    published 2006-10-30
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=22925
    title FreeBSD : screen -- combined UTF-8 characters vulnerability (b318dc8c-6756-11db-83c3-000c6ec775d9)
  • NASL family SuSE Local Security Checks
    NASL id SUSE9_11260.NASL
    description A special formed UTF-8 sequence in text could be used to crash the terminal multitasker screen by overwriting memory in the heap. This is potentially exploitable to execute code. (CVE-2006-4573)
    last seen 2019-02-21
    modified 2012-04-23
    plugin id 41104
    published 2009-09-24
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=41104
    title SuSE9 Security Update : screen (YOU Patch Number 11260)
  • NASL family Slackware Local Security Checks
    NASL id SLACKWARE_SSA_2006-307-02.NASL
    description New screen packages are available for Slackware 8.1, 9.0, 9.1, 10.0, 10.1, 10.2, and 11.0 to fix a security issue.
    last seen 2019-02-21
    modified 2018-08-09
    plugin id 24658
    published 2007-02-18
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=24658
    title Slackware 10.0 / 10.1 / 10.2 / 11.0 / 8.1 / 9.0 / 9.1 : screen (SSA:2006-307-02)
  • NASL family Gentoo Local Security Checks
    NASL id GENTOO_GLSA-200611-01.NASL
    description The remote host is affected by the vulnerability described in GLSA-200611-01 (Screen: UTF-8 character handling vulnerability) cstone and Richard Felker discovered a flaw in Screen's UTF-8 combining character handling. Impact : The vulnerability can be exploited by writing a special string of characters to a Screen window. A remote attacker could cause a Denial of Service or possibly execute arbitrary code with the privileges of the user running Screen through a program being run inside a Screen session, such as an IRC client or a mail client. Workaround : There is no known workaround at this time.
    last seen 2019-02-21
    modified 2018-08-10
    plugin id 22939
    published 2006-11-06
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=22939
    title GLSA-200611-01 : Screen: UTF-8 character handling vulnerability
  • NASL family SuSE Local Security Checks
    NASL id SUSE_SCREEN-2198.NASL
    description A special formed UTF-8 sequence in text could be used to crash the terminal multitasker screen by overwriting memory in the heap. This is potentially exploitable to execute code. (CVE-2006-4573)
    last seen 2019-02-21
    modified 2018-07-19
    plugin id 27433
    published 2007-10-17
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=27433
    title openSUSE 10 Security Update : screen (screen-2198)
  • NASL family Ubuntu Local Security Checks
    NASL id UBUNTU_USN-370-1.NASL
    description cstone and Rich Felker discovered a programming error in the UTF8 string handling code of 'screen' leading to a denial of service. If a crafted string was displayed within a screen session, screen would crash or possibly execute arbitrary code. Note that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen 2019-02-21
    modified 2018-12-01
    plugin id 27951
    published 2007-11-10
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=27951
    title Ubuntu 5.04 / 5.10 / 6.06 LTS / 6.10 : screen vulnerability (USN-370-1)
  • NASL family Mandriva Local Security Checks
    NASL id MANDRAKE_MDKSA-2006-191.NASL
    description Multiple unspecified vulnerabilities in the 'utf8 combining characters handling' (utf8_handle_comb function in encoding.c) in screen before 4.0.3 allows user-assisted attackers to cause a denial of service (crash or hang) via certain UTF8 sequences. Updated packages have been patched to correct this issue.
    last seen 2019-02-21
    modified 2018-07-19
    plugin id 24576
    published 2007-02-18
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=24576
    title Mandrake Linux Security Advisory : screen (MDKSA-2006:191)
refmap via4
apple APPLE-SA-2007-05-24
bid 20727
confirm
debian DSA-1202
gentoo GLSA-200611-01
mandriva MDKSA-2006:191
mlist [screen-users] 20061023 Secfix release for screen: screen-4.0.3
openpkg OpenPKG-SA-2006.026
secunia
  • 22573
  • 22583
  • 22611
  • 22647
  • 22649
  • 22707
  • 22726
  • 25402
slackware SSA:2006-307-02
ubuntu USN-370-1
vupen
  • ADV-2006-4189
  • ADV-2007-1939
Last major update 07-03-2011 - 21:41
Published 24-10-2006 - 14:07
Back to Top