Local Privilege Escalation in GNU Screen on Arch Linux and FreeBSD
CVE-2023-24626
6.5 MEDIUM
Summary
A vulnerability in GNU Screen arises from improper handling of the setuid and setgid settings, particularly on systems such as Arch Linux and FreeBSD. Local users can exploit this weakness to send a SIGHUP signal to any process ID, potentially causing denial of service or disruption of the target applications. Because it allows unauthorized process manipulation, the flaw raises significant concerns about the integrity of software behavior when running in privileged modes.
CVSS V3.1
Score: 6.5
Severity: MEDIUM
Confidentiality: None
Integrity: None
Availability: None
Attack Vector: Local
Attack Complexity: Low
Privileges Required: Low
User Interaction: None
Scope: Changed
Timeline
Vulnerability published
Vulnerability Reserved