Home
Packages
Forums
Wiki
GitLab
Security
AUR
Download

issues
advisories
todo
stats
log
login

CVE-2025-46804 - log back

CVE-2025-46804 edited at 13 May 2025 19:11:12

Severity

-	Unknown
+	High

Remote

-	Unknown
+	Local

Type

-	Unknown
+	Privilege escalation

Description

+

This is a minor information leak when running Screen with setuid-root privileges that is found in older Screen versions, as well as in version 5.0.0. The code in screen.c starting at line 849 inspects the resulting SocketPath with root privileges, and provides error messages that allow unprivileged users to deduce information about the path that would otherwise not be available. An easy way to achieve this is by using the SCREENDIR environment variable.

References

+	https://git.savannah.gnu.org/cgit/screen.git/commit/?id=e0eef5aac453fa98a2664416a56c50ad1d00cb30

Notes

CVE-2025-46804 created at 13 May 2025 18:58:50