Test ID:	1.3.6.1.4.1.25623.1.0.50769
Category:	Mandrake Local Security Checks
Title:	Mandrake Security Advisory MDKSA-2003:113 (screen)
Summary:	NOSUMMARY
Description:	Description: The remote host is missing an update to screen announced via advisory MDKSA-2003:113. A vulnerability was discovered and fixed in screen by Timo Sirainen who found an exploitable buffer overflow that allowed privilege escalation. This vulnerability also has the potential to allow attackers to gain control of another user's screen session. The ability to exploit is not trivial and requires approximately 2GB of data to be transferred in order to do so. Updated packages are available that fix the vulnerability. Affected versions: 9.0, 9.1, 9.2, Corporate Server 2.1, Multi Network Firewall 8.2 Solution: To upgrade automatically use MandrakeUpdate or urpmi. The verification of md5 checksums and GPG signatures is performed automatically for you. http://www.securityspace.com/smysecure/catid.html?in=MDKSA-2003:113 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2003-0972 http://marc.theaimsgroup.com/?l=bugtraq&m=106995837813873&w=2 Risk factor : Critical CVSS Score: 10.0
Cross-Ref:	Common Vulnerability Exposure (CVE) ID: CVE-2003-0972 Bugtraq: 20031127 GNU screen buffer overflow (Google Search) http://marc.info/?l=bugtraq&m=106995837813873&w=2 Conectiva Linux advisory: CLA-2004:809 http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000809 Debian Security Information: DSA-408 (Google Search) http://www.debian.org/security/2004/dsa-408 http://www.mandriva.com/security/advisories?name=MDKSA-2003:113 http://secunia.com/advisories/10539
Copyright	Copyright (c) 2005 E-Soft Inc. http://www.securityspace.com

This is only one of 145615 vulnerability tests in our test suite. Find out more about running a complete security audit. To run a free test of this vulnerability against your system, register below.