"I never saw this coming." -Blind team bugtraq penetrator

Introduction:

Administrator bitch to GOBBLES about title email with "ALERT!" and not describe problem in topic. Idiot administrator too lazy to read advisory to see if he affected, probably misses lot of security issues on fine mailing lists because of this. Best practice probably to read advisories anyways. GOBBLES not interested in making change to lifestyle to appease some administrator who make the big dollar, when the big dollar not coming in for nonprofit security organization GOBBLES Security.

Many complaint coming in to GOBBLES Security email, regarding thing like advisory style and length, lot of criticism saying stuff like, "Advisory would be better if you quit l33t style greets and attitude", etc. To this, GOBBLES say, if you want to know of important security problem, be happy that there still nonprofit full disclosure security group letting you know about problem and not make you have to spend you company big dollar on buying security advisory from the true evil empire. Stop complaining, idiot, at least you get security candy to impress the ladies with and stuff. And you systems more secure.

Anyhow, other common complaint against GOBBLES is, "GOBBLES, friend, you advisories too fluffy." No one complain when w00w00 mix mess of political agenda vs dcma in advisory.

[nocarrier(jpr5@right.behind.you)] w00w00's disclosure policy is context sensitive

GOBBLES could never compete in fluffy advisory competition when noisy AOL advisory come out from them, where you complaints now hypocrite? But small sacrifice must be made, so GOBBLES go and keep this advisory to bare skin and bone minimum to make idiot who complain happy. Here, hope you happy.

Description:

Local root hole. Exploits the blind, like underpaid cashier at supermarkets all over world. Exploit for x86 linux.
Product:

screen, latest source from ftp://ftp.gnu.org/gnu/screen/screen-3.9.11.tar.gz

Vendor Notification Status:

Oops, GOBBLES forgot socalled important step in full disclosure. Not worried, don't care, this freedom vs security struggle.

Disclaimer:

If some idiot already publish advisory for this, and maintainers left vicious root hole in software, it not GOBBLES fault. Scan on GOBBLES search engine only show private exploit for screen that exist, which this not one of, so hoping this not cause big fuss like ntop advisory, but whatever GOBBLES not really care.

Closing:

GOBBLES Security is still the largest, nonprofit + active security group (in full disclosure sector). Don't listen to d00d00 when they make this claim. . . maybe time for Emmanual Goldstien to step in to the rescue to prevent d00d00 from making this ridiculous claim and save GOBBLES online freedom uptime and stuff...

gr33tz:

zen the ripper, an inspiration to GOBBLES, you everything GOBBLES not want to be, keep fighting good fight or whatever you do, good wargames and stuff, good quality vulnerable code you write, you the master...

ps: no free tshirt included with this advisory.

[msg(skyper)] hehe hehehe heh ehehehe :PPppppppppp
skyper: No such nick/channel

ok ok, skyper can have free GOBBLES Security tshirt... if he skyper enough to come and get it, hehehehe... <3

<********> opera is a wonderful browser..if only you could actually view webpages with it