First published: Sat Apr 08 2023
socket.c in GNU Screen through 4.9.0, when installed setuid or setgid (the default on platforms such as Arch Linux and FreeBSD), allows local users to send a privileged SIGHUP signal to any PID, causing a denial of service or disruption of the target process.
Credit: cve@mitre.org
Affected Software | Affected Version | How to fix |
---|---|---|
GNU screen | <=4.9.0 |
https://git.savannah.gnu.org/cgit/screen.git/patch/?id=e9ad41bfedb4537a6f0de20f00b27c7739f168f7
CVE-2023-24626 is a vulnerability in GNU Screen through version 4.9.0 that allows local users to send a privileged SIGHUP signal to any PID, causing a denial of service or disruption of the target process.
CVE-2023-24626 affects GNU Screen through version 4.9.0 when it is installed setuid or setgid (the default on platforms such as Arch Linux and FreeBSD).
CVE-2023-24626 has a severity rating of 6.5 (medium).
CVE-2023-24626 can be exploited by local users sending a privileged SIGHUP signal to any PID, causing a denial of service or disruption of the target process.
Yes, CVE-2023-24626 can be fixed by updating GNU Screen to a version beyond 4.9.0.
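A local check for the two conditions stated above (a version through 4.9.0 and a setuid or setgid binary). This is an added example, not code from GNU Screen or from the advisory; the function names and verdict strings are assumptions made for illustration.

```shell
#!/bin/sh
# Added example: local exposure check for CVE-2023-24626 (not vendor code).
# Assumption: `screen -v` prints a banner containing X.Y.Z, for example
# "Screen version 4.09.00 (GNU) 30-Jan-22". A distribution that backported
# the patch without bumping the version will still be reported as affected.

# Exit 0 if the version in banner $1 is <= 4.9.0, 1 if newer, 2 if unparseable.
version_affected() (
    ver=$(printf '%s\n' "$1" |
        sed -n 's/^[^0-9]*\([0-9][0-9]*\.[0-9][0-9]*\.[0-9][0-9]*\).*/\1/p' |
        head -n 1)
    [ -n "$ver" ] || exit 2
    # Numeric compare so that "4.09.00" and "4.9.0" are treated the same.
    printf '%s\n' "$ver" |
        awk -F. '{ exit (($1 * 10000 + $2 * 100 + $3) > 40900) }'
)

# Print a verdict for binary path $1 given its version banner $2.
assess_screen() (
    version_affected "$2" && rc=0 || rc=$?
    case $rc in
        2) echo "unknown-version"; exit 0 ;;
        1) echo "not-affected-version"; exit 0 ;;
    esac
    # The CVE only applies when the binary carries setuid or setgid.
    if [ -u "$1" ] || [ -g "$1" ]; then
        echo "exposed"
    else
        echo "affected-version-unprivileged"
    fi
)

# Check the screen binary on PATH, if one is installed.
bin=$(command -v screen 2>/dev/null) || bin=""
if [ -n "$bin" ] && [ -x "$bin" ]; then
    echo "$bin: $(assess_screen "$bin" "$("$bin" -v 2>/dev/null)")"
fi
```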