CVE-2025-46802

Опубликовано: 26 мая 2025

Источник: debian

Описание

For a short time they PTY is set to mode 666, allowing any user on the system to connect to the screen session.

Пакет	Статус	Версия исправления	Релиз	Тип
screen	fixed	4.9.1-3		package

Fixed by: https://git.savannah.gnu.org/cgit/screen.git/commit/?id=049b26b22e197ba3be9c46e5c193032e01a4724a
https://www.openwall.com/lists/oss-security/2025/05/12/1
Has potential to break some reattach use cases, but the specific use case
was broken already before.
screen in Debian not installed setuid or setgid

CVE-2025-46802

CVSS3: 6

ubuntu

9 месяцев назад

For a short time they PTY is set to mode 666, allowing any user on the system to connect to the screen session.

CVE-2025-46802

CVSS3: 7.8

redhat

9 месяцев назад

For a short time they PTY is set to mode 666, allowing any user on the system to connect to the screen session.

CVE-2025-46802

CVSS3: 6

nvd

9 месяцев назад

For a short time they PTY is set to mode 666, allowing any user on the system to connect to the screen session.

SUSE-SU-2025:02186-1

suse-cvrf

7 месяцев назад

Security update for screen

SUSE-SU-2025:02016-1

suse-cvrf

8 месяцев назад

Security update for screen