CVE-2025-46802
Severity | High |
Remote | No |
Type | Access restriction bypass |
Description | This issue is found in the Attach() function when the multiattach flag is set (i.e. Screen attempts to attach to a multi-user session). The function performs a chmod() of the current TTY to mode 0666. The path to the current TTY is stored in the attach_tty string. The issue with this temporary TTY mode change is that it introduces a race condition allowing any other user in the system to open the caller’s TTY for reading and writing for a short period of time. |
Group | Package | Affected | Fixed | Severity | Status | Ticket |
---|---|---|---|---|---|---|
AVG-2862 | screen | 5.0.0-2 | 5.0.0-3 | High | Fixed | |
Date | Advisory | Group | Package | Severity | Type |
---|---|---|---|---|---|
13 May 2025 | ASA-202505-1 | AVG-2862 | screen | High | multiple issues |
References |
---|
https://git.savannah.gnu.org/cgit/screen.git/commit/?id=049b26b22e197ba3be9c46e5c193032e01a4724a |