Race Condition Vulnerability in GNU Screen by GNU
CVE-2009-1215

Currently unrated

Key Information:

Vendor: Gnu
Status: Gnu Screen
Vendor: CVE Published:; 1 April 2009

Summary

A race condition vulnerability exists in GNU Screen 4.0.3 that enables local users to manipulate arbitrary files through a symlink attack on the /tmp/screen-exchange temporary file. This flaw could allow an attacker to overwrite crucial files, potentially leading to unauthorized access or system instability. Proper user permissions and secure file handling are critical to mitigate this risk.

References

https://bugzilla.redhat.com/show_bug.cgi?id=492104

x_refsource_CONFIRM

http://www.openwall.com/lists/oss-security/2009/03/25/7

mailing-listx_refsource_MLIST

https://bugs.launchpad.net/ubuntu/+source/screen/+bug/315993

x_refsource_CONFIRM

Timeline

Vulnerability published
Apr 1, 2009
Vulnerability Reserved
Mar 31, 2009