CVSS: 6.5EPSS: 0%CPEs: 1EXPL: 1CVE-2023-24626 – GNU screen v4.9.0 - Privilege Escalation
https://notcve.org/view.php?id=CVE-2023-24626
socket.c in GNU Screen through 4.9.0, when installed setuid or setgid (the default on platforms such as Arch Linux and FreeBSD), allows local users to send a privileged SIGHUP signal to any PID, causing a denial of service or disruption of the target process. GNU screen version 4.9.0 suffers from a privilege escalation vulnerability. • https://www.exploit-db.com/exploits/51252 https://git.savannah.gnu.org/cgit/screen.git/patch/?id=e9ad41bfedb4537a6f0de20f00b27c7739f168f7 https://savannah.gnu.org/bugs/?63195 •
CVSS: 9.8EPSS: 1%CPEs: 5EXPL: 3CVE-2021-26937 – screen: crash when processing combining chars
https://notcve.org/view.php?id=CVE-2021-26937
encoding.c in GNU Screen through 4.8.0 allows remote attackers to cause a denial of service (invalid write access and application crash) or possibly have unspecified other impact via a crafted UTF-8 character sequence. El archivo encoding.c en GNU Screen versiones hasta 4.8.0, permite a atacantes remotos causar una denegación de servicio (acceso de escritura no válido y bloqueo de la aplicación) o posiblemente tener otro impacto no especificado por medio de una secuencia de caracteres UTF-8 diseñada A flaw was found in screen. A specially crafted sequence of combining characters could cause an out of bounds write leading to arbitrary code execution. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability. • http://www.openwall.com/lists/oss-security/2021/02/09/8 https://ftp.gnu.org/gnu/screen https://lists.debian.org/debian-lts-announce/2021/02/msg00031.html https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/GNWBOIDEPOEQS5RMQVMFKHKXJCGNYWBL https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/JJWLXP45POUUYBJRRWPVAWNZDJTLYWVM https://lists.gnu.org/archive/html/screen-devel/2021-02/msg00000.html https://security.gentoo.org/glsa/ • CWE-88: Improper Neutralization of Argument Delimiters in a Command ('Argument Injection') CWE-787: Out-of-bounds Write •
CVSS: 9.8EPSS: 0%CPEs: 1EXPL: 0CVE-2020-9366
https://notcve.org/view.php?id=CVE-2020-9366
A buffer overflow was found in the way GNU Screen before 4.8.0 treated the special escape OSC 49. Specially crafted output, or a special program, could corrupt memory and crash Screen or possibly have unspecified other impact. Se encontró un desbordamiento del búfer en la forma en que GNU Screen versiones anteriores a 4.8.0, trató el escape especial a OSC 49. Una salida especialmente diseñada, o un programa especial, podría corromper la memoria y bloquear La Pantalla o posiblemente tener otro impacto no especificado. • http://www.openwall.com/lists/oss-security/2020/02/25/1 https://lists.gnu.org/archive/html/screen-devel/2020-02/msg00007.html https://security.gentoo.org/glsa/202003-62 https://www.openwall.com/lists/oss-security/2020/02/06/3 • CWE-787: Out-of-bounds Write •
CVSS: 7.8EPSS: 0%CPEs: 1EXPL: 2CVE-2017-5618
https://notcve.org/view.php?id=CVE-2017-5618
GNU screen before 4.5.1 allows local users to modify arbitrary files and consequently gain root privileges by leveraging improper checking of logfile permissions. GNU screen en versiones anteriores a 4.5.1 permiten a los usuarios locales modificar archivos arbitrarios y en consecuencia obtener privilegios root al aprovechar la comprobación incorrecta de los permisos de archivos de registro. • http://git.savannah.gnu.org/cgit/screen.git/patch/?id=1c6d2817926d30c9a7a97d99af7ac5de4a5845b8 http://git.savannah.gnu.org/cgit/screen.git/tree/src/ChangeLog?h=v.4.5.1 http://savannah.gnu.org/bugs/?50142 http://www.openwall.com/lists/oss-security/2017/01/29/3 http://www.securityfocus.com/bid/95873 https://lists.gnu.org/archive/html/screen-devel/2017-01/msg00025.html • CWE-863: Incorrect Authorization •
CVSS: 2.6EPSS: 4%CPEs: 1EXPL: 0CVE-2006-4573
https://notcve.org/view.php?id=CVE-2006-4573
Multiple unspecified vulnerabilities in the "utf8 combining characters handling" (utf8_handle_comb function in encoding.c) in screen before 4.0.3 allows user-assisted attackers to cause a denial of service (crash or hang) via certain UTF8 sequences. Múltiples vulnerabilidades no especificadas en el "manejo de combinaciones de caracteres utf8" (función utf8_handle_comb en encoding.c) en screen anterior a 4.0.3 permite a atacantes con la complicidad del usuario provocar una denegación de servicio (caída o cuelgue) mediante ciertas secuencias UTF8. • http://docs.info.apple.com/article.html?artnum=305530 http://lists.apple.com/archives/security-announce/2007/May/msg00004.html http://lists.gnu.org/archive/html/screen-users/2006-10/msg00028.html http://secunia.com/advisories/22573 http://secunia.com/advisories/22583 http://secunia.com/advisories/22611 http://secunia.com/advisories/22647 http://secunia.com/advisories/22649 http://secunia.com/advisories/22707 http://secunia.com/advisories/22726 http://secunia.com/advisories/2 •