CVE-2017-5618

HIGH

GNU Screen < 4.5.0 - Incorrect Authorization

Title source: rule

Description

GNU screen before 4.5.1 allows local users to modify arbitrary files and consequently gain root privileges by leveraging improper checking of logfile permissions.

Exploits (2)

nomisec WORKING POC 2 stars

by RXDarkee · poc

https://github.com/RXDarkee/CVE-2017-5618-Screen-4.5.0-Root

View Code ZIP pw:eip

gitlab

by 10vuln · poc

https://gitlab.com/penetration-test-learn/10vuln/exploits

View on gitlab

References (6)

[Patch, Third Party Advisory] http://git.savannah.gnu.org/cgit/screen.git/patch/?id=1c6d2817926d30c9a7a97d99af7ac5de4a5845b8

[Release Notes, Third Party Advisory] http://git.savannah.gnu.org/cgit/screen.git/tree/src/ChangeLog?h=v.4.5.1

[Third Party Advisory] http://savannah.gnu.org/bugs/?50142

[Exploit, Mailing List, Third Party Advisory] http://www.openwall.com/lists/oss-security/2017/01/29/3

[Third Party Advisory, VDB Entry] http://www.securityfocus.com/bid/95873

[Exploit, Third Party Advisory] https://lists.gnu.org/archive/html/screen-devel/2017-01/msg00025.html

Scores

CVSS v3 7.8

EPSS 0.0305

EPSS Percentile 86.5%

Attack Vector LOCAL

CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Classification

CWE

CWE-863

Status draft

Affected Products (1)

gnu/screen < 4.5.0

Timeline

Published Mar 20, 2017

Tracked Since Feb 18, 2026