#VU33554 Improper Privilege Management - CVE-2017-5618
Published: March 20, 2017 / Updated: August 4, 2020
Vulnerability identifier: #VU33554
Vulnerability risk: Low
CVSSv4.0: CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear
CVE-ID: CVE-2017-5618
CWE-ID: CWE-269
Exploitation vector: Local access
Exploit availability: No public exploit available
Vulnerable software:
Software vendor:
Description
The vulnerability allows a local authenticated user to execute arbitrary code.
GNU screen before 4.5.1 allows local users to modify arbitrary files and consequently gain root privileges by leveraging improper checking of logfile permissions.
Remediation
Install the update from the vendor's website.
External links
- http://git.savannah.gnu.org/cgit/screen.git/patch/?id=1c6d2817926d30c9a7a97d99af7ac5de4a5845b8
- http://git.savannah.gnu.org/cgit/screen.git/tree/src/ChangeLog?h=v.4.5.1
- http://savannah.gnu.org/bugs/?50142
- http://www.openwall.com/lists/oss-security/2017/01/29/3
- http://www.securityfocus.com/bid/95873
- https://lists.gnu.org/archive/html/screen-devel/2017-01/msg00025.html