CVE-2017-5618

HIGH

GNU screen < 4.5.1 - Unauthenticated Arbitrary File Write via Logfile Permissions


Exploitation Summary

EIP tracks 1 public exploit for CVE-2017-5618. PoCs published by RXDarkee.

AI-analyzed exploit summary: This is a functional local privilege escalation exploit for GNU Screen 4.5.0 (CVE-2017-5618) that leverages shared library hijacking via ld.so.preload manipulation to gain root access. The exploit creates a malicious library and a setuid root shell, then tricks Screen into overwriting /etc/ld.so.preload to load the library.

Description

GNU screen before 4.5.1 allows local users to modify arbitrary files and consequently gain root privileges by leveraging improper checking of logfile permissions.

Exploits (1)

nomisec WORKING POC 2 stars
by RXDarkee · poc
https://github.com/RXDarkee/CVE-2017-5618-Screen-4.5.0-Root

Classification: Working PoC 95%
Attack Type: LPE
Complexity: Moderate
Reliability: Reliable
Target: GNU Screen 4.5.0
Auth required
Prerequisites: Local access to a vulnerable system · GNU Screen 4.5.0 installed · Ability to compile C code
devstral-2 · analyzed Feb 16, 2026

References (6)

Core References
Release Notes, Third Party Advisory x_refsource_confirm
http://git.savannah.gnu.org/cgit/screen.git/tree/src/ChangeLog?h=v.4.5.1
Third Party Advisory x_refsource_confirm
http://savannah.gnu.org/bugs/?50142
Exploit, Mailing List, Third Party Advisory mailing-list x_refsource_mlist
http://www.openwall.com/lists/oss-security/2017/01/29/3
Third Party Advisory, VDB Entry vdb-entry x_refsource_bid
http://www.securityfocus.com/bid/95873
Exploit, Third Party Advisory mailing-list x_refsource_mlist
https://lists.gnu.org/archive/html/screen-devel/2017-01/msg00025.html

Scores

CVSS v3 7.8
EPSS 0.0109
EPSS Percentile 60.9%
Attack Vector LOCAL
CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Details

CWE: CWE-863
Status: published
Products (1): gnu/screen < 4.5.0
Published: Mar 20, 2017
Tracked Since: Feb 18, 2026