Lucene search
Ubuntu.comUB:CVE-2023-24626HistoryApr 08, 2023 - 12:00 a.m.
CVE-2023-24626
2023-04-0800:00:00
ubuntu.com
ubuntu.com
9
0.001 Low
EPSS
Percentile
26.2%
socket.c in GNU Screen through 4.9.0, when installed setuid or setgid (the
default on platforms such as Arch Linux and FreeBSD), allows local users to
send a privileged SIGHUP signal to any PID, causing a denial of service or
disruption of the target process.
Bugs
Notes
| Author | Note |
|---|---|
| rodrigo-zaiden | debian does not use setuid or setgid for screen by default |
| OS | Version | Architecture | Package | Version | Filename |
|---|---|---|---|---|---|
| ubuntu | 18.04 | noarch | screen | < 4.6.2-1ubuntu1.1+esm1 | UNKNOWN |
| ubuntu | 20.04 | noarch | screen | < any | UNKNOWN |
| ubuntu | 22.04 | noarch | screen | < any | UNKNOWN |
| ubuntu | 23.10 | noarch | screen | < any | UNKNOWN |
| ubuntu | 24.04 | noarch | screen | < any | UNKNOWN |
| ubuntu | 14.04 | noarch | screen | < 4.1.0~20120320gitdb59704-9ubuntu0.1~esm3 | UNKNOWN |
| ubuntu | 16.04 | noarch | screen | < 4.3.1-2ubuntu0.1+esm1 | UNKNOWN |
References
git.savannah.gnu.org/cgit/screen.git/patch/?id=e9ad41bfedb4537a6f0de20f00b27c7739f168f7
launchpad.net/bugs/cve/CVE-2023-24626
nvd.nist.gov/vuln/detail/CVE-2023-24626
savannah.gnu.org/bugs/?63195 (private)
security-tracker.debian.org/tracker/CVE-2023-24626
ubuntu.com/security/notices/USN-6198-1
www.cve.org/CVERecord?id=CVE-2023-24626
www.exploit-db.com/exploits/51252
Related
nessus
nessus
EulerOS 2.0 SP10 : screen (EulerOS-SA-2023-2393)
2023-07-18 00:00:00
EulerOS 2.0 SP11 : screen (EulerOS-SA-2023-2667)
2024-01-16 00:00:00
EulerOS 2.0 SP8 : screen (EulerOS-SA-2023-3159)
2024-01-16 00:00:00
ibm
ibm
packetstorm
packetstorm
GNU screen 4.9.0 Privilege Escalation
2023-04-06 00:00:00
openvas
openvas
Huawei EulerOS: Security Advisory for screen (EulerOS-SA-2023-2709)
2023-09-05 00:00:00
Huawei EulerOS: Security Advisory for screen (EulerOS-SA-2023-2367)
2023-07-17 00:00:00
Huawei EulerOS: Security Advisory for screen (EulerOS-SA-2023-3455)
2023-12-15 00:00:00
veracode
veracode
Denial Of Service (DoS)
2023-05-14 08:25:58
amazon
amazon
Low: screen
2023-04-27 18:36:00
alpinelinux
alpinelinux
CVE-2023-24626
2023-04-08 05:15:07
debiancve
debiancve
CVE-2023-24626
2023-04-08 05:15:07
zdt
zdt
GNU screen v4.9.0 - Privilege Escalation Exploit
2023-04-05 00:00:00
cvelist
cvelist
CVE-2023-24626
2023-04-08 00:00:00
prion
prion
Design/Logic Flaw
2023-04-08 05:15:00
cbl_mariner
cbl_mariner
CVE-2023-24626 affecting package screen for versions less than 4.9.1-1
2023-09-28 11:57:58
osv
osv
screen vulnerability
2023-07-03 12:53:20
CVE-2023-24626
2023-04-08 05:15:07
redhatcve
redhatcve
CVE-2023-24626
2023-04-10 06:29:46
mageia
mageia
Updated screen packages fix security vulnerability
2024-03-14 02:14:37
cve
cve
CVE-2023-24626
2023-04-08 05:15:07
ubuntu
ubuntu
GNU Screen vulnerability
2023-07-03 00:00:00
exploitdb
exploitdb
GNU screen v4.9.0 - Privilege Escalation
2023-04-05 00:00:00