TTY Hijacking while Attaching to a Multiuser Session in the screen package
Has the potential to break some reattach use cases, but the specific use case was already broken before.
screen in Debian is not installed setuid or setgid
DEBIANBUG: [1105191]
Info: https://www.openwall.com/lists/oss-security/2025/05/12/1
Patch: https://git.savannah.gnu.org/cgit/screen.git/commit/?id=049b26b22e197ba3be9c46e5c193032e01a4724a

Platform | Package | Release Date | Advisory |
---|---|---|---|
Amazon Linux 2 - Core | screen | 2025-06-12 | ALAS2-2025-2878 |
Amazon Linux 2023 | screen | 2025-06-10 | ALAS2023-2025-1006 |

Source | Score Type | Score | Vector |
---|---|---|---|
Amazon Linux | CVSSv3 | 6.0 | CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:N |
NVD | CVSSv3 | 6.0 | CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:N |