Local Information Exposure in GNU Screen by GNU
CVE-2009-1214

Currently unrated

Key Information:

Vendor: Gnu
Status: Screen
Vendor: CVE Published:; 1 April 2009

Summary

GNU Screen version 4.0.3 creates a temporary file named /tmp/screen-exchange with world-readable permissions. This misconfiguration permits local users to access sensitive session information, potentially leading to unauthorized exposure of data. Organizations using this version should assess their security policies and consider updating to mitigate the risks associated with local access vulnerabilities.

References

https://bugzilla.redhat.com/show_bug.cgi?id=492104

x_refsource_CONFIRM

https://exchange.xforce.ibmcloud.com/vulnerabilities/49886

vdb-entryx_refsource_XF

http://www.openwall.com/lists/oss-security/2009/03/25/7

mailing-listx_refsource_MLIST

Timeline

Vulnerability published
Apr 1, 2009
Vulnerability Reserved
Mar 31, 2009