CVE-2000-0901

screen <3.9.5 - Privilege Escalation

Title source: llm

Description

Format string vulnerability in screen 3.9.5 and earlier allows local users to gain root privileges via format characters in the vbell_msg initialization variable.

Exploits (1)

exploitdb WORKING POC VERIFIED

by IhaQueR@IRCnet · clocalbsd

https://www.exploit-db.com/exploits/20191

View Code ZIP pw:eip

References (8)

[Third Party Advisory, VDB Entry] https://exchange.xforce.ibmcloud.com/vulnerabilities/5188

[Various Sources] http://www.linux-mandrake.com/en/updates/MDKSA-2000-044.php3

[Vendor Advisory] http://www.redhat.com/support/errata/RHSA-2000-058.html

[Vendor Advisory] http://www.novell.com/linux/security/advisories/adv6_draht_screen_txt.html

[Third Party Advisory, VDB Entry] http://www.securityfocus.com/archive/1/80178

[Various Sources] ftp://ftp.FreeBSD.org/pub/FreeBSD/CERT/advisories/FreeBSD-SA-00:46.screen.asc

[Exploit, Patch, Vendor Advisory] http://www.securityfocus.com/bid/1641

[Third Party Advisory] http://archives.neohapsis.com/archives/bugtraq/2000-08/0530.html

Scores

EPSS 0.0027

EPSS Percentile 50.4%

Details

Status published

Products (3)

juergen/weigert_screen 3.9.3

juergen/weigert_screen 3.9.4

juergen/weigert_screen 3.9.5

Published Dec 19, 2000

Tracked Since Feb 18, 2026