| Severity |
|
| Remote |
|
| Type |
| - |
Unknown |
| + |
Access restriction bypass |
|
| Description |
| + |
This issue is found in the Attach() function when the multiattach flag is set (i.e. Screen attempts to attach to a multi-user session). The function performs a chmod() of the current TTY to mode 0666. The path to the current TTY is stored in the attach_tty string. The issue with this temporary TTY mode change is that it introduces a race condition allowing any other user in the system to open the caller’s TTY for reading and writing for a short period of time. |
|
| References |
| + |
https://git.savannah.gnu.org/cgit/screen.git/commit/?id=049b26b22e197ba3be9c46e5c193032e01a4724a |
|
| Notes |
|