CVE-2023-24626

2023-04-0805:15:07

Debian Security Bug Tracker

security-tracker.debian.org

cve-2023-24626

socket.c

gnu screen

setuid

setgid

arch linux

freebsd

sighup

denial of service

disruption

unix

CVSS3

6.5

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

CHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H

EPSS

0.001

Percentile

26.4%

JSON

socket.c in GNU Screen through 4.9.0, when installed setuid or setgid (the default on platforms such as Arch Linux and FreeBSD), allows local users to send a privileged SIGHUP signal to any PID, causing a denial of service or disruption of the target process.

OSVersionArchitecturePackageVersionFilename
Debian12allscreen<= 4.9.0-4screen_4.9.0-4_all.deb
Debian11allscreen<= 4.8.0-6screen_4.8.0-6_all.deb
Debian999allscreen< 4.9.1-1screen_4.9.1-1_all.deb
Debian13allscreen< 4.9.1-1screen_4.9.1-1_all.deb

OS	Version	Architecture	Package	Version	Filename
Debian	12	all	screen	<= 4.9.0-4	screen_4.9.0-4_all.deb
Debian	11	all	screen	<= 4.8.0-6	screen_4.8.0-6_all.deb
Debian	999	all	screen	< 4.9.1-1	screen_4.9.1-1_all.deb
Debian	13	all	screen	< 4.9.1-1	screen_4.9.1-1_all.deb