Race condition in GNU screen 4.0.3 allows local users to create or overwrite arbitrary files via a symlink attack on the /tmp/screen-exchange temporary file.
References
Configurations
History
21 Nov 2024, 01:01
Type | Values Removed | Values Added |
---|---|---|
References | () http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=521123 - | |
References | () http://savannah.gnu.org/bugs/?25296 - | |
References | () http://www.openwall.com/lists/oss-security/2009/03/25/7 - | |
References | () http://www.securityfocus.com/bid/34521 - | |
References | () https://bugs.launchpad.net/ubuntu/+source/screen/+bug/315993 - | |
References | () https://bugzilla.redhat.com/show_bug.cgi?id=492104 - | |
References | () https://exchange.xforce.ibmcloud.com/vulnerabilities/49887 - |
Information
Published : 2009-04-01 10:30
Updated : 2024-11-21 01:01
NVD link : CVE-2009-1215
Mitre link : CVE-2009-1215
CVE.ORG link : CVE-2009-1215
JSON object : View
Products Affected
gnu
- gnu_screen
CWE
CWE-362
Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition')