7.8

CVE-2017-5618

Exploit
GNU screen before 4.5.1 allows local users to modify arbitrary files and consequently gain root privileges by leveraging improper checking of logfile permissions.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
GnuScreen Version <= 4.5.0
Zu dieser CVE wurde keine Warnung gefunden.
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 1.09% 0.609
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
nvd@nist.gov 7.8 1.8 5.9
CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
nvd@nist.gov 7.2 3.9 10
AV:L/AC:L/Au:N/C:C/I:C/A:C
CWE-863 Incorrect Authorization

The product performs an authorization check when an actor attempts to access a resource or perform an action, but it does not correctly perform the check.

http://git.savannah.gnu.org/cgit/screen.git/patch/?id=1c6d2817926d30c9a7a97d99af7ac5de4a5845b8
Patch
Third Party Advisory
http://git.savannah.gnu.org/cgit/screen.git/tree/src/ChangeLog?h=v.4.5.1
Third Party Advisory
Release Notes
http://savannah.gnu.org/bugs/?50142
Third Party Advisory
http://www.openwall.com/lists/oss-security/2017/01/29/3
Third Party Advisory
Exploit
Mailing List
http://www.securityfocus.com/bid/95873
Third Party Advisory
VDB Entry
https://lists.gnu.org/archive/html/screen-devel/2017-01/msg00025.html
Third Party Advisory
Exploit