Multiple security issues in GNU Screen
Published on: 2025-07-16 15:28:49
Message-ID: Date: Mon, 12 May 2025 17:24:26 +0200 From: Matthias Gerstner To: [email protected] Subject: screen: Multiple Security Issues in Screen (mostly affecting release 5.0.0 and setuid-root installations) Hello list, these issues in Screen have been shared with the distros mailing list on 2025-04-30 and publication is due today. We also offer a rendered version of this report on our blog [1]. 1) Introduction =============== In July 2024, the upstream Screen maintainer asked us [2] if we could have a look at the current Screen code base. We treated this request with lower priority, since we already had a cursory look at Screen a few years earlier, without finding any problems. When we actually found time to look into it again, we were surprised to find a local root exploit in the Screen 5.0.0 major version update affecting distributions that ship it as setuid-root (Arch Linux and NetBSD). We also found a number of
... Read full article.