Vulnerability Description
GNU screen before 4.5.1 allows local users to modify arbitrary files and consequently gain root privileges by leveraging improper checking of logfile permissions.
CVSS Score
HIGH
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| GNU | Screen | <= 4.5.0 |
Related Weaknesses (CWE)
References
- http://git.savannah.gnu.org/cgit/screen.git/patch/?id=1c6d2817926d30c9a7a97d99af (Patch, Third Party Advisory)
- http://git.savannah.gnu.org/cgit/screen.git/tree/src/ChangeLog?h=v.4.5.1 (Release Notes, Third Party Advisory)
- http://savannah.gnu.org/bugs/?50142 (Third Party Advisory)
- http://www.openwall.com/lists/oss-security/2017/01/29/3 (Exploit, Mailing List, Third Party Advisory)
- http://www.securityfocus.com/bid/95873 (Third Party Advisory, VDB Entry)
- https://lists.gnu.org/archive/html/screen-devel/2017-01/msg00025.html (Exploit, Third Party Advisory)
FAQ
What is CVE-2017-5618?
CVE-2017-5618 is a vulnerability with a CVSS score of 7.8 (HIGH). GNU screen before 4.5.1 allows local users to modify arbitrary files and consequently gain root privileges by leveraging improper checking of logfile permissions.
How severe is CVE-2017-5618?
CVE-2017-5618 has been rated HIGH with a CVSS base score of 7.8/10. Review the CVSS metrics above for a detailed severity breakdown.
Is there a patch for CVE-2017-5618?
Check the references section above for vendor advisories and patch information. Affected products include: GNU Screen.