CVE-2009-1214

GNU Screen - Access Control

Title source: rule

Description

GNU screen 4.0.3 creates the /tmp/screen-exchange temporary file with world-readable permissions, which might allow local users to obtain sensitive session information.

References (7)

[Issue Tracking] http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=521123

[Various Sources] http://savannah.gnu.org/bugs/?25296

[Issue Tracking] https://bugs.launchpad.net/ubuntu/+source/screen/+bug/315993

[Issue Tracking] https://bugzilla.redhat.com/show_bug.cgi?id=492104

[Third Party Advisory, VDB Entry] https://exchange.xforce.ibmcloud.com/vulnerabilities/49886

[Third Party Advisory, VDB Entry] http://www.securityfocus.com/bid/34521

[Mailing List] http://www.openwall.com/lists/oss-security/2009/03/25/7

Scores

EPSS 0.0008

EPSS Percentile 24.3%

Classification

CWE

CWE-264

Status draft

Affected Products (1)

gnu/screen

Timeline

Published Apr 01, 2009

Tracked Since Feb 18, 2026