CVE-2003-0972 | Vulnerability Database | Aqua Security

Integer signedness error in ansi.c for GNU screen 4.0.1 and earlier, and 3.9.15 and earlier, allows local users to execute arbitrary code via a large number of ; (semicolon) characters in escape sequences, which leads to a buffer overflow.

Affected Software

Name	Vendor	Start Version	End Version
Screen	Gnu	3.9.4 (including)	3.9.4 (including)
Screen	Gnu	3.9.8 (including)	3.9.8 (including)
Screen	Gnu	3.9.9 (including)	3.9.9 (including)
Screen	Gnu	3.9.10 (including)	3.9.10 (including)
Screen	Gnu	3.9.11 (including)	3.9.11 (including)
Screen	Gnu	3.9.13 (including)	3.9.13 (including)
Screen	Gnu	3.9.15 (including)	3.9.15 (including)
Screen	Gnu	4.0.1 (including)	4.0.1 (including)
Screen	Ubuntu	dapper	*
Screen	Ubuntu	devel	*
Screen	Ubuntu	edgy	*
Screen	Ubuntu	feisty	*

References

http://distro.conectiva.com.br/atualizacoes/?id=a\u0026anuncio=000809
http://groups.yahoo.com/group/gnu-screen/message/3118
http://marc.info/?l=bugtraq\u0026m=106995837813873\u0026w=2
http://secunia.com/advisories/10539
http://www.debian.org/security/2004/dsa-408
http://www.mandriva.com/security/advisories?name=MDKSA-2003:113
http://distro.conectiva.com.br/atualizacoes/?id=a\u0026anuncio=000809
http://groups.yahoo.com/group/gnu-screen/message/3118
http://marc.info/?l=bugtraq\u0026m=106995837813873\u0026w=2
http://secunia.com/advisories/10539
http://www.debian.org/security/2004/dsa-408
http://www.mandriva.com/security/advisories?name=MDKSA-2003:113

NVD	https://nvd.nist.gov/vuln/detail/CVE-2003-0972
CWE	https://cwe.mitre.org/data/definitions/NVD-Other.html