CVE-2000-0901

screen <3.9.5 - Privilege Escalation

Title source: llm

Exploitation Summary

EIP tracks 1 public exploit for CVE-2000-0901. PoCs published by IhaQueR@IRCnet.

AI-analyzed exploit summary: This exploit targets a format string vulnerability in screen versions 3.7.6 and prior, allowing local privilege escalation by manipulating the user ID variable when screen is setuid root. It crafts a malicious .screenrc file and executes screen to trigger the vulnerability.

Description

Format string vulnerability in screen 3.9.5 and earlier allows local users to gain root privileges via format characters in the vbell_msg initialization variable.

Exploits (1)

exploitdb WORKING POC VERIFIED
by IhaQueR@IRCnet · c · local · bsd
https://www.exploit-db.com/exploits/20191


Classification: Working PoC 95%
Attack Type: LPE
Complexity: Moderate
Reliability: Reliable
Target: screen 3.7.6 and prior
No auth needed
Prerequisites: screen must be setuid root · local access to the system
devstral-2 · analyzed Feb 16, 2026

References (8)

Core References
Third Party Advisory, VDB Entry vdb-entry x_refsource_xf
https://exchange.xforce.ibmcloud.com/vulnerabilities/5188
Various Sources vendor-advisory x_refsource_mandrake
http://www.linux-mandrake.com/en/updates/MDKSA-2000-044.php3
Vendor Advisory vendor-advisory x_refsource_redhat
http://www.redhat.com/support/errata/RHSA-2000-058.html
Vendor Advisory vendor-advisory x_refsource_suse
http://www.novell.com/linux/security/advisories/adv6_draht_screen_txt.html
Third Party Advisory, VDB Entry mailing-list x_refsource_bugtraq
http://www.securityfocus.com/archive/1/80178
Various Sources vendor-advisory x_refsource_freebsd
ftp://ftp.FreeBSD.org/pub/FreeBSD/CERT/advisories/FreeBSD-SA-00:46.screen.asc
Exploit, Patch, Vendor Advisory vdb-entry x_refsource_bid
http://www.securityfocus.com/bid/1641
Third Party Advisory mailing-list x_refsource_bugtraq
http://archives.neohapsis.com/archives/bugtraq/2000-08/0530.html

Scores

EPSS 0.0097
EPSS Percentile 57.3%

Details

Status published
Products (3)
juergen/weigert_screen 3.9.3
juergen/weigert_screen 3.9.4
juergen/weigert_screen 3.9.5
Published Dec 19, 2000
Tracked Since Feb 18, 2026