UbuntuUSN-6198-1GNU Screen vulnerability
6.5 Medium
CVSS3
Attack Vector
LOCAL
Attack Complexity
LOW
Privileges Required
LOW
User Interaction
NONE
Scope
CHANGED
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
HIGH
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H
6.7 Medium
AI Score
Confidence
High
0.001 Low
EPSS
Percentile
26.3%
Releases
- Ubuntu 18.04 ESM
- Ubuntu 16.04 ESM
- Ubuntu 14.04 ESM
Packages
- screen - terminal multiplexer with VT100/ANSI terminal emulation
Details
It was discovered that GNU Screen was not properly checking user
identifiers before sending certain signals to target processes. If GNU
Screen was installed as setuid or setgid, a local attacker could possibly
use this issue to cause a denial of service on a target application.
| OS | Version | Architecture | Package | Version | Filename |
|---|---|---|---|---|---|
| Ubuntu | 18.04 | noarch | screen | < 4.6.2-1ubuntu1.1+esm1 | UNKNOWN |
| Ubuntu | 18.04 | noarch | screen | < 4.6.2-1ubuntu1.1 | UNKNOWN |
| Ubuntu | 18.04 | noarch | screen-dbgsym | < 4.6.2-1ubuntu1.1 | UNKNOWN |
| Ubuntu | 18.04 | noarch | screen-udeb | < 4.6.2-1ubuntu1.1 | UNKNOWN |
| Ubuntu | 16.04 | noarch | screen | < 4.3.1-2ubuntu0.1+esm1 | UNKNOWN |
| Ubuntu | 16.04 | noarch | screen | < 4.3.1-2ubuntu0.1 | UNKNOWN |
| Ubuntu | 16.04 | noarch | screen-dbg | < 4.3.1-2ubuntu0.1 | UNKNOWN |
| Ubuntu | 16.04 | noarch | screen-dbgsym | < 4.3.1-2ubuntu0.1 | UNKNOWN |
| Ubuntu | 14.04 | noarch | screen | < 4.1.0~20120320gitdb59704-9ubuntu0.1~esm3 | UNKNOWN |
| Ubuntu | 14.04 | noarch | screen | < 4.2.1-2~ubuntu14.04.1 | UNKNOWN |
References
Related
6.5 Medium
CVSS3
Attack Vector
LOCAL
Attack Complexity
LOW
Privileges Required
LOW
User Interaction
NONE
Scope
CHANGED
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
HIGH
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H
6.7 Medium
AI Score
Confidence
High
0.001 Low
EPSS
Percentile
26.3%