exploitDog

CVE-2025-46803

Published: 13 May 2025
Source: redhat
CVSS3: 7.7

Description

The default mode of pseudo terminals (PTYs) allocated by Screen was changed from 0620 to 0622, thereby allowing anyone to write to any Screen PTYs in the system.

A flaw was found in Screen. The default mode for pseudo-terminals (PTYs) allocated by Screen was changed from 0620 to 0622. This vulnerability allows public writes to any PTYs in the system.

Report

The change in Screen's default PTY mode from 0620 to 0622 is a significant vulnerability because it exposes terminal sessions, including privileged ones, to modification by any local user. Mode 0620 gives the owning user read and write access and the tty group write access only (the mechanism behind write(1) and wall(1)); 0622 adds the world-write bit. In multi-user environments, PTYs are the channel between a user's shell and the system, and a world-writable PTY lets any other user on the host write arbitrary bytes, including terminal control sequences, into another user's terminal. Unlike a typical permission misconfiguration that would be rated moderate, this can lead to active session hijacking, command injection, or data corruption in interactive processes such as shells, editors, and administrative sessions. Because PTYs underpin user isolation in the UNIX model, the flaw undermines the integrity of user sessions and can result in privilege escalation when combined with poorly secured scripts or session contexts.

Mitigation

No mitigation is currently available that meets Red Hat Product Security’s standards for usability, deployment, applicability, or stability.
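Red Hat lists no vendor mitigation, but a practitioner can still check for the condition the advisory describes. The script below is an added example (not from Red Hat, exploitDog, or the Screen project): it flags any pts device whose mode grants write access to "other", and lets a user restore the conventional 0620 on their own session's PTY, which they own and can chmod without privileges. It assumes Linux with devpts mounted at /dev/pts and GNU coreutils stat(1); the function names are ours.

```shell
#!/bin/sh
# Added example (not from the advisory): detect PTYs with the 0622-style
# world-write bit and restore 0620 on the caller's own PTY.
# Assumptions: Linux, devpts at /dev/pts, GNU coreutils stat(1); mode strings
# are the octal digits printed by `stat -c %a`, e.g. "620" or "622".

# is_world_writable MODE
#   Returns 0 when the last ("other") digit of an octal mode string has the
#   write bit (2) set, 1 otherwise. Accepts "620", "0622", "1777", ...
is_world_writable() {
    mode=$1
    other=${mode#"${mode%?}"}      # last character of the mode string
    case $other in
        2|3|6|7) return 0 ;;       # 2=w, 3=wx, 6=rw, 7=rwx
        *)       return 1 ;;
    esac
}

# describe_mode MODE
#   One-word verdict: "world-writable" when others may write, "ok" for the
#   conventional 0620 (owner rw, tty group w) or 0600 (mesg n), else "other".
describe_mode() {
    if is_world_writable "$1"; then
        echo world-writable
    elif [ "${1#0}" = "620" ] || [ "${1#0}" = "600" ]; then
        echo ok
    else
        echo other
    fi
}

# scan_ptys
#   Lists every pts device on the host that any local user can write to,
#   with its mode and owner. Works unprivileged: devpts entries are stat-able.
scan_ptys() {
    for pty in /dev/pts/[0-9]*; do
        [ -c "$pty" ] || continue
        mode=$(stat -c '%a' "$pty" 2>/dev/null) || continue
        if is_world_writable "$mode"; then
            printf '%s mode=%s owner=%s\n' "$pty" "$mode" "$(stat -c '%U' "$pty")"
        fi
    done
}

# harden_own_tty
#   Run inside the Screen window: if this session's PTY is world-writable,
#   chmod it back to 0620. The PTY belongs to the session user, so no
#   privileges are needed. Prints the mode before and after.
harden_own_tty() {
    tty_dev=$(tty) || return 1
    before=$(stat -c '%a' "$tty_dev")
    if is_world_writable "$before"; then
        chmod 0620 "$tty_dev"
    fi
    printf '%s %s -> %s\n' "$tty_dev" "$before" "$(stat -c '%a' "$tty_dev")"
}

# Usage when executed directly (sourcing the file only defines the functions):
#   sh pty-check.sh scan      # report world-writable PTYs on the host
#   sh pty-check.sh harden    # inside screen: fix the current window's PTY
case ${1:-} in
    scan)   scan_ptys ;;
    harden) harden_own_tty ;;
esac
```

A clean host shows no output from `scan`; any line it prints names a PTY that every local account can write to. Note that `harden` only covers the one window it is run in, and Screen will allocate a fresh PTY with its default mode for every new window, so this is a per-session check rather than a fix for the package.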

Affected packages

Platform                    Package  State                 Recommendation  Release
Red Hat Enterprise Linux 6  screen   Out of support scope
Red Hat Enterprise Linux 7  screen   Out of support scope


Additional information

Status: Important
Weakness: CWE-282 (Improper Ownership Management)
Red Hat Bugzilla 2364200: screen: Screen by Default Creates World Writable PTYs
https://bugzilla.redhat.com/show_bug.cgi?id=2364200

CVSS3: 7.7 (High)

Related vulnerabilities

CVSS3: 5
ubuntu
24 days ago

The default mode of pseudo terminals (PTYs) allocated by Screen was changed from 0620 to 0622, thereby allowing anyone to write to any Screen PTYs in the system.

CVSS3: 5
nvd
24 days ago

The default mode of pseudo terminals (PTYs) allocated by Screen was changed from 0620 to 0622, thereby allowing anyone to write to any Screen PTYs in the system.

CVSS3: 5
debian
24 days ago

The default mode of pseudo terminals (PTYs) allocated by Screen was ch ...

CVSS3: 5
github
24 days ago

The default mode of pseudo terminals (PTYs) allocated by Screen was changed from 0620 to 0622, thereby allowing anyone to write to any Screen PTYs in the system.
