Description
Screen version 5.0.0 and older version 4 releases have a TOCTOU race that potentially allows SIGHUP and SIGCONT to be sent to privileged processes when Screen is installed setuid-root.
A flaw was found in Screen. A possible denial of service caused by race conditions when sending signals exists. The CheckPid() function drops privileges to the real user ID and tests whether the kernel can send a signal to the target PID using these credentials. The signal is sent later via Kill(), potentially using full root privileges. By this time, the previously checked PID could have been replaced by a different, privileged process. It might also be possible to trick the privileged Screen daemon process into sending signals to itself since a process is always allowed to send signals to itself.
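The check-then-send pattern described above, next to a form that closes the window, as an added example that is not Screen's source code. The function names are hypothetical, and the target is a child process constructed by the example itself.

```c
#define _POSIX_C_SOURCE 200809L
#include <errno.h>
#include <signal.h>
#include <stdio.h>
#include <sys/types.h>
#include <sys/wait.h>
#include <unistd.h>

/* Run kill(pid, sig) with the effective UID set to the real UID, then restore. */
static int kill_as_real_user(pid_t pid, int sig)
{
    uid_t saved = geteuid();
    if (seteuid(getuid()) != 0) return -1;
    int rc = kill(pid, sig);
    int err = errno;
    if (seteuid(saved) != 0) return -1;
    errno = err;
    return rc;
}

/* Racy shape from the description: probe only (signal 0). The caller sends
 * the real signal later with full privileges; the PID may be reused between. */
int check_pid_racy(pid_t pid) { return kill_as_real_user(pid, 0); }

/* Hardened shape: the real signal is sent while privileges are dropped, so
 * the kernel's permission check and the delivery are one kill() call. */
int signal_checked(pid_t pid, int sig)
{
    /* Reject self (always permitted) and pid <= 0 (process-group targets). */
    if (pid <= 0 || pid == getpid()) { errno = EPERM; return -1; }
    return kill_as_real_user(pid, sig);
}

int main(void)
{
    pid_t child = fork();               /* constructed target: our own child */
    if (child < 0) return 1;
    if (child == 0) { pause(); _exit(0); }
    printf("probe=%d send=%d self=%d\n", check_pid_racy(child),
           signal_checked(child, SIGCONT), signal_checked(getpid(), SIGHUP));
    kill(child, SIGKILL);
    waitpid(child, NULL, 0);
    printf("after exit: %d\n", signal_checked(child, SIGCONT));
    return 0;
}
```

In a setuid-root process the saved set-user-ID stays 0, so the second seteuid() call can restore root after the signal has been sent under the real user's credentials.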
Statement
This is a moderate vulnerability because it involves a TOCTOU race condition with limited impact: only SIGCONT and SIGHUP signals can be sent, which do not allow arbitrary code execution or privilege escalation. Exploitation requires precise PID reuse timing, reducing reliability. Although it breaks privilege separation by using root rights after a lower-privileged check, the constrained effect—primarily minor integrity issues or local DoS—limits its severity.
Mitigation
No mitigation is currently available that meets Red Hat Product Security’s standards for usability, deployment, applicability, or stability.
Affected packages
Platform | Package | State | Advisory | Release |
---|---|---|---|---|
Red Hat Enterprise Linux 6 | screen | Under investigation | | |
Red Hat Enterprise Linux 7 | screen | Under investigation | | |
Additional information
Status:
5.5 Medium
CVSS3