
exploitDog

CVE-2023-24626

Published: 08 Apr 2023
Source: redhat
CVSS3: 6.5
EPSS: Low

Description

socket.c in GNU Screen through 4.9.0, when installed setuid or setgid (the default on platforms such as Arch Linux and FreeBSD), allows local users to send a privileged SIGHUP signal to any PID, causing a denial of service or disruption of the target process.

A flaw was found in screen. This flaw allows local users to send a SIGHUP signal to any PID due to a missing signal sending permission check, potentially resulting in a denial of service or disruption of the target process.

Report

The screen binary as shipped with Red Hat Enterprise Linux is installed with the set-group-ID mode bit set. However, the binary's group is set to screen and not root, limiting the security impact of this issue. The screen package is not shipped in Red Hat Enterprise Linux 8 and 9. Therefore, these versions of RHEL are not affected by this flaw and are not listed in the Affected Packages list below.

Affected packages

| Platform | Package | State | Recommendation | Release |
| --- | --- | --- | --- | --- |
| Red Hat Enterprise Linux 6 | screen | Out of support scope | | |
| Red Hat Enterprise Linux 7 | screen | Out of support scope | | |

Additional information

Status: Moderate
Defect: CWE-862
https://bugzilla.redhat.com/show_bug.cgi?id=2185517 screen: allows sending SIGHUP to arbitrary PIDs

EPSS

Percentile: 15%
0.00048
Low

6.5 Medium

CVSS3

Related vulnerabilities

CVSS3: 6.5
ubuntu
almost 3 years ago

socket.c in GNU Screen through 4.9.0, when installed setuid or setgid (the default on platforms such as Arch Linux and FreeBSD), allows local users to send a privileged SIGHUP signal to any PID, causing a denial of service or disruption of the target process.

CVSS3: 6.5
nvd
almost 3 years ago

socket.c in GNU Screen through 4.9.0, when installed setuid or setgid (the default on platforms such as Arch Linux and FreeBSD), allows local users to send a privileged SIGHUP signal to any PID, causing a denial of service or disruption of the target process.

CVSS3: 6.5
msrc
more than 2 years ago

socket.c in GNU Screen through 4.9.0 when installed setuid or setgid (the default on platforms such as Arch Linux and FreeBSD) allows local users to send a privileged SIGHUP signal to any PID causing a denial of service or disruption of the target process.

CVSS3: 6.5
debian
almost 3 years ago

socket.c in GNU Screen through 4.9.0, when installed setuid or setgid ...

CVSS3: 7.8
github
almost 3 years ago

socket.c in GNU Screen through 4.9.0, when installed setuid or setgid (the default on platforms such as Arch Linux and FreeBSD), allows local users to send a privileged SIGHUP signal to any PID, causing a denial of service or disruption of the target process.
