Local Privilege Escalation Vulnerability in GNU Screen
CVE-2017-5618

7.8HIGH

Key Information:

Vendor

Gnu
Status
Screen
Vendor
CVE Published:
20 March 2017

Badges

👾 Exploit Exists🟡 Public PoC

What is CVE-2017-5618?

A vulnerability in GNU Screen prior to version 4.5.1 allows local users to manipulate arbitrary files due to insufficient checks on logfile permissions. This flaw enables attackers to escalate their privileges to root, potentially compromising system security. Users of affected versions are strongly advised to upgrade to the latest version to mitigate risks associated with this vulnerability.

Exploit Proof of Concept (PoC)

PoC code is written by security researchers to demonstrate the vulnerability can be exploited. PoC code is also a key component for weaponization which could lead to ransomware.

CVE-2017-5618-Screen-4.5.0-Root
Created by RXDarkee

References

http://git.savannah.gnu.org/cgit/screen.git/tree/src/Chan...
x_refsource_CONFIRM
http://savannah.gnu.org/bugs/?50142
x_refsource_CONFIRM
http://www.openwall.com/lists/oss-security/2017/01/29/3
mailing-listx_refsource_MLIST

CVSS V3.1

Score:
7.8
Severity:
HIGH
Confidentiality:
High
Integrity:
High
Availability:
High
Attack Vector:
Local
Attack Complexity:
Low
Privileges Required:
Low
User Interaction:
None
Scope:
Unchanged

Timeline

  • 🟡

    Public PoC available

  • 👾

    Exploit known to exist

  • Vulnerability published

  • Vulnerability Reserved

JSON
.