Lucene search

[email protected]CVE-2009-1214

HistoryApr 01, 2009 - 10:30 a.m.

CVE-2009-1214

2009-04-0110:30:00

CWE-264

[email protected]

web.nvd.nist.gov

cve-2009-1214

gnu screen

session info

sensitive information

file permissions

local exploit

nvd

4.9 Medium

CVSS2

Attack Vector

LOCAL

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

NONE

Availability Impact

NONE

AV:L/AC:L/Au:N/C:C/I:N/A:N

6.1 Medium

AI Score

Confidence

Low

0.0004 Low

EPSS

Percentile

5.1%

JSON

GNU screen 4.0.3 creates the /tmp/screen-exchange temporary file with world-readable permissions, which might allow local users to obtain sensitive session information.

Affected configurations

NVD

Node

gnuscreenMatch4.0.3

CPENameOperatorVersion
gnu:screengnu screeneq4.0.3

CPE	Name	Operator	Version
gnu:screen	gnu screen	eq	4.0.3

References

bugs.debian.org/cgi-bin/bugreport.cgi?bug=521123

savannah.gnu.org/bugs/?25296

www.openwall.com/lists/oss-security/2009/03/25/7

www.securityfocus.com/bid/34521

bugs.launchpad.net/ubuntu/+source/screen/+bug/315993

bugzilla.redhat.com/show_bug.cgi?id=492104

exchange.xforce.ibmcloud.com/vulnerabilities/49886

4.9 Medium

CVSS2

Attack Vector

LOCAL

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

NONE

Availability Impact

NONE

AV:L/AC:L/Au:N/C:C/I:N/A:N

6.1 Medium

AI Score

Confidence

Low

0.0004 Low

EPSS

Percentile

5.1%

JSON

Related for CVE-2009-1214

prion1 nvd1 cvelist1 ubuntucve1 debiancve1 openvas2