CVE-2017-5618

CWE-863Incorrect Authorization7 documents7 sources
Severity
7.8HIGH
EPSS
3.1%
top 13.30%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
1
GNU Screen
Timeline
PublishedMar 20
Latest updateMay 13

Description

GNU screen before 4.5.1 allows local users to modify arbitrary files and consequently gain root privileges by leveraging improper checking of logfile permissions.

CVSS vector

CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:HExploitability: 1.8 | Impact: 5.9

Affected Packages2 packages

Debianscreen< 4.5.0-3+3
NVDgnu/screen4.5.0

Patches

Patch: git.savannah.gnu.orgPatch: git.savannah.gnu.org

🔴Vulnerability Details

3
GHSA
GHSA-qj7p-fvh6-8gg6: GNU screen before 42022-05-13
OSV
CVE-2017-5618: GNU screen before 42017-03-20
CVEList
CVE-2017-5618: GNU screen before 42017-03-20

📋Vendor Advisories

2
Red Hat
screen: Privilege escalation via unsafe logfile handling2017-01-24
Debian
CVE-2017-5618: screen - GNU screen before 4.5.1 allows local users to modify arbitrary files and consequ...2017

💬Community

1
Bugzilla
CVE-2017-5618 screen: Privilege escalation via unsafe logfile handling2017-01-26
CVE-2017-5618 (HIGH CVSS 7.8) | GNU screen before 4.5.1 allows loca | cvebase.io