CVSS: 6.5EPSS: 0%CPEs: 1EXPL: 1CVE-2023-24626 – GNU screen v4.9.0 - Privilege Escalation
https://notcve.org/view.php?id=CVE-2023-24626
socket.c in GNU Screen through 4.9.0, when installed setuid or setgid (the default on platforms such as Arch Linux and FreeBSD), allows local users to send a privileged SIGHUP signal to any PID, causing a denial of service or disruption of the target process. GNU screen version 4.9.0 suffers from a privilege escalation vulnerability. • https://www.exploit-db.com/exploits/51252 https://git.savannah.gnu.org/cgit/screen.git/patch/?id=e9ad41bfedb4537a6f0de20f00b27c7739f168f7 https://savannah.gnu.org/bugs/?63195 •
CVSS: 9.8EPSS: 1%CPEs: 5EXPL: 3CVE-2021-26937 – screen: crash when processing combining chars
https://notcve.org/view.php?id=CVE-2021-26937
encoding.c in GNU Screen through 4.8.0 allows remote attackers to cause a denial of service (invalid write access and application crash) or possibly have unspecified other impact via a crafted UTF-8 character sequence. El archivo encoding.c en GNU Screen versiones hasta 4.8.0, permite a atacantes remotos causar una denegación de servicio (acceso de escritura no válido y bloqueo de la aplicación) o posiblemente tener otro impacto no especificado por medio de una secuencia de caracteres UTF-8 diseñada A flaw was found in screen. A specially crafted sequence of combining characters could cause an out of bounds write leading to arbitrary code execution. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability. • http://www.openwall.com/lists/oss-security/2021/02/09/8 https://ftp.gnu.org/gnu/screen https://lists.debian.org/debian-lts-announce/2021/02/msg00031.html https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/GNWBOIDEPOEQS5RMQVMFKHKXJCGNYWBL https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/JJWLXP45POUUYBJRRWPVAWNZDJTLYWVM https://lists.gnu.org/archive/html/screen-devel/2021-02/msg00000.html https://security.gentoo.org/glsa/ • CWE-88: Improper Neutralization of Argument Delimiters in a Command ('Argument Injection') CWE-787: Out-of-bounds Write •
CVSS: 9.8EPSS: 0%CPEs: 1EXPL: 0CVE-2020-9366
https://notcve.org/view.php?id=CVE-2020-9366
A buffer overflow was found in the way GNU Screen before 4.8.0 treated the special escape OSC 49. Specially crafted output, or a special program, could corrupt memory and crash Screen or possibly have unspecified other impact. Se encontró un desbordamiento del búfer en la forma en que GNU Screen versiones anteriores a 4.8.0, trató el escape especial a OSC 49. Una salida especialmente diseñada, o un programa especial, podría corromper la memoria y bloquear La Pantalla o posiblemente tener otro impacto no especificado. • http://www.openwall.com/lists/oss-security/2020/02/25/1 https://lists.gnu.org/archive/html/screen-devel/2020-02/msg00007.html https://security.gentoo.org/glsa/202003-62 https://www.openwall.com/lists/oss-security/2020/02/06/3 • CWE-787: Out-of-bounds Write •
CVSS: 7.8EPSS: 0%CPEs: 1EXPL: 2CVE-2017-5618
https://notcve.org/view.php?id=CVE-2017-5618
GNU screen before 4.5.1 allows local users to modify arbitrary files and consequently gain root privileges by leveraging improper checking of logfile permissions. GNU screen en versiones anteriores a 4.5.1 permiten a los usuarios locales modificar archivos arbitrarios y en consecuencia obtener privilegios root al aprovechar la comprobación incorrecta de los permisos de archivos de registro. • http://git.savannah.gnu.org/cgit/screen.git/patch/?id=1c6d2817926d30c9a7a97d99af7ac5de4a5845b8 http://git.savannah.gnu.org/cgit/screen.git/tree/src/ChangeLog?h=v.4.5.1 http://savannah.gnu.org/bugs/?50142 http://www.openwall.com/lists/oss-security/2017/01/29/3 http://www.securityfocus.com/bid/95873 https://lists.gnu.org/archive/html/screen-devel/2017-01/msg00025.html • CWE-863: Incorrect Authorization •
CVSS: 1.9EPSS: 0%CPEs: 1EXPL: 0CVE-2009-1215
https://notcve.org/view.php?id=CVE-2009-1215
Race condition in GNU screen 4.0.3 allows local users to create or overwrite arbitrary files via a symlink attack on the /tmp/screen-exchange temporary file. Condición de carrera en GNU screen v4.0.3, permite a usuarios locales crear y sobreescribir archivos de su elección a través de un ataque de enlace simbólico al archivo temporal /tmp/screen-exchange. • http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=521123 http://savannah.gnu.org/bugs/?25296 http://www.openwall.com/lists/oss-security/2009/03/25/7 http://www.securityfocus.com/bid/34521 https://bugs.launchpad.net/ubuntu/+source/screen/+bug/315993 https://bugzilla.redhat.com/show_bug.cgi?id=492104 https://exchange.xforce.ibmcloud.com/vulnerabilities/49887 • CWE-362: Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition') •