Vulnerabilities > CVE-2017-5618 - Incorrect Authorization vulnerability in GNU Screen

CVSS 7.2 - HIGH

Attack vector

LOCAL

Attack complexity

LOW

Privileges required

NONE

Confidentiality impact

COMPLETE

Integrity impact

COMPLETE

Availability impact

COMPLETE

local

low complexity

gnu

CWE-863

NVD

Published: 2017-03-20

Updated: 2020-08-24

Summary

GNU screen before 4.5.1 allows local users to modify arbitrary files and consequently gain root privileges by leveraging improper checking of logfile permissions.

Vulnerable Configurations

Part	Description	Count
Application	Gnu GNU Screen - GNU Screen 3.6.0 GNU Screen 3.6.1 GNU Screen 3.6.2 GNU Screen 3.7.1 GNU Screen 3.7.2 GNU Screen 3.7.4 GNU Screen 3.7.6 GNU Screen 3.9.4 GNU Screen 3.9.8 GNU Screen 3.9.9 GNU Screen 3.9.10 GNU Screen 3.9.11 GNU Screen 3.9.13 GNU Screen 3.9.15 GNU Screen 4.0.1 GNU Screen 4.0.2 GNU Screen 4.0.3 GNU Screen 4.2.0 GNU Screen 4.2.1 GNU Screen 4.3.0 GNU Screen 4.3.1 GNU Screen 4.4.0 GNU Screen 4.5.0	24

Common Weakness Enumeration (CWE)

CWE-863 - Incorrect Authorization

Summary

Vulnerable Configurations

Common Weakness Enumeration (CWE)

References