Download
| Alert*
oval:org.secpod.oval:def:1800684
Commit f86a374 The check opens the logfile with full root privileges. This allows us to truncate any file or create a root-owned file with any contents in any directory and can be easily exploited to full root access in several ways. Affects screen 4.4.0 to and inclusive 4.5.0 oval:org.secpod.oval:def:1800762 Commit f86a374 The check opens the logfile with full root privileges. This allows us to truncate any file or create a root-owned file with any contents in any directory and can be easily exploited to full root access in several ways. Affects: screen 4.4.0 to and inclusive 4.5.0 oval:org.secpod.oval:def:2100933 GNU screen before 4.5.1 allows local users to modify arbitrary files and consequently gain root privileges by leveraging improper checking of logfile permissions. |