CVE-2017-5618 - Incorrect Authorization vulnerability in GNU Screen
Attack vector: LOCAL
Attack complexity: LOW
Privileges required: LOW
Confidentiality impact: HIGH
Integrity impact: HIGH
Availability impact: HIGH
Summary
GNU screen before 4.5.1 allows local users to modify arbitrary files and consequently gain root privileges by leveraging improper checking of logfile permissions.
References
- http://git.savannah.gnu.org/cgit/screen.git/patch/?id=1c6d2817926d30c9a7a97d99af7ac5de4a5845b8
- http://git.savannah.gnu.org/cgit/screen.git/tree/src/ChangeLog?h=v.4.5.1
- http://savannah.gnu.org/bugs/?50142
- http://www.openwall.com/lists/oss-security/2017/01/29/3
- http://www.securityfocus.com/bid/95873
- https://lists.gnu.org/archive/html/screen-devel/2017-01/msg00025.html