Local Privilege Escalation Vulnerability in GNU Screen
CVE-2017-5618

7.8HIGH

Key Information:

Vendor
Gnu
Status
Screen
Vendor
CVE Published:
20 March 2017

Summary

A vulnerability in GNU Screen prior to version 4.5.1 allows local users to manipulate arbitrary files due to insufficient checks on logfile permissions. This flaw enables attackers to escalate their privileges to root, potentially compromising system security. Users of affected versions are strongly advised to upgrade to the latest version to mitigate risks associated with this vulnerability.

References

http://git.savannah.gnu.org/cgit/screen.git/tree/src/Chan...
x_refsource_CONFIRM
http://savannah.gnu.org/bugs/?50142
x_refsource_CONFIRM
http://www.openwall.com/lists/oss-security/2017/01/29/3
mailing-listx_refsource_MLIST

CVSS V3.1

Score:
7.8
Severity:
HIGH
Confidentiality:
High
Integrity:
High
Availability:
High
Attack Vector:
Local
Attack Complexity:
Low
Privileges Required:
Low
User Interaction:
None
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.