1.9
CVE-2009-1215
- EPSS 0.23%
- Veröffentlicht 01.04.2009 10:30:00
- Zuletzt bearbeitet 16.06.2026 23:06:47
- Quelle cve@mitre.org
- CVE-Watchlists
- Unerledigt
Race condition in GNU screen 4.0.3 allows local users to create or overwrite arbitrary files via a symlink attack on the /tmp/screen-exchange temporary file.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
Gnu ≫ Gnu Screen Version4.0.3
| Typ | Quelle | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 0.23% | 0.137 |
| Quelle | Base Score | Exploit Score | Impact Score | Vector String |
|---|---|---|---|---|
| nvd@nist.gov | 1.9 | 3.4 | 2.9 |
AV:L/AC:M/Au:N/C:N/I:P/A:N
|
CWE-362 Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition')
The product contains a concurrent code sequence that requires temporary, exclusive access to a shared resource, but a timing window exists in which the shared resource can be modified by another code sequence operating concurrently.
http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=521123
http://savannah.gnu.org/bugs/?25296
http://www.openwall.com/lists/oss-security/2009/03/25/7
http://www.securityfocus.com/bid/34521
https://bugs.launchpad.net/ubuntu/+source/screen/+bug/315993
https://bugzilla.redhat.com/show_bug.cgi?id=492104
https://exchange.xforce.ibmcloud.com/vulnerabilities/49887