Improper Privilege Management - CVE-2017-5618
Published: March 20, 2017 / Updated: August 4, 2020
Vulnerability identifier: #VU33554
CSH Severity: Low
CVSS v4.0: CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear
CVE-ID: CVE-2017-5618
CWE-ID: CWE-269
Exploitation vector: Local access
Exploit availability: No public exploit available
Vendor:
Affected software:
Detailed vulnerability description
The vulnerability allows a local authenticated user to execute arbitrary code.
GNU screen before 4.5.1 allows local users to modify arbitrary files and consequently gain root privileges by leveraging improper checking of logfile permissions.
How to mitigate CVE-2017-5618
Install the update from the vendor's website.
Sources
- http://git.savannah.gnu.org/cgit/screen.git/patch/?id=1c6d2817926d30c9a7a97d99af7ac5de4a5845b8
- http://git.savannah.gnu.org/cgit/screen.git/tree/src/ChangeLog?h=v.4.5.1
- http://savannah.gnu.org/bugs/?50142
- http://www.openwall.com/lists/oss-security/2017/01/29/3
- http://www.securityfocus.com/bid/95873
- https://lists.gnu.org/archive/html/screen-devel/2017-01/msg00025.html