Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
Local root exploit via `logfile_reopen()` in screen 5.0.0 with setuid-root bit set
Vulnerability Description
Screen 5.0.0 when it runs with setuid-root privileges does not drop privileges while operating on a user supplied path. This allows unprivileged users to create files in arbitrary locations with `root` ownership, the invoking user's (real) group ownership and file mode 0644. All data written to the Screen PTY will be logged into this file, allowing to escalate to root privileges
CVSS Information
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Vulnerability Type
特权放弃/降低错误
Vulnerability Title
GNU Screen 安全漏洞
Vulnerability Description
GNU Screen是美国GNU社区的一个应用软件。提供一个物理终端上获得多个虚拟终端的效果。 GNU Screen存在安全漏洞,该漏洞源于logfile_reopen函数未正确丢弃权限,可能导致任意文件创建。
CVSS Information
N/A
Vulnerability Type
N/A