Published: 19/12/2000 Updated: 03/05/2018

CVSS v2 Base Score: 4.6 | Impact Score: 6.4 | Exploitability Score: 3.9

VMScore: 465

Vector: AV:L/AC:L/Au:N/C:P/I:P/A:P

Format string vulnerability in screen 3.9.5 and previous versions allows local users to gain root privileges via format characters in the vbell_msg initialization variable.

Vulnerable Product	Search on Vulmon	Subscribe to Product
juergen weigert screen 3.9.3
juergen weigert screen 3.9.4
juergen weigert screen 3.9.5

source: wwwsecurityfocuscom/bid/1641/info Various format string vulnerabilities exist in versions 395 and prior of 'screen' that may allow local users to elevate their privileges If screen is setuid root, it is possible to alter the contents of the variable which stores the user id /************************************************** ...

NVD-CWE-Other http://www.securityfocus.com/bid/1641 http://archives.neohapsis.com/archives/bugtraq/2000-08/0530.html http://www.securityfocus.com/archive/1/80178 http://www.linux-mandrake.com/en/updates/MDKSA-2000-044.php3 http://www.novell.com/linux/security/advisories/adv6_draht_screen_txt.html http://www.redhat.com/support/errata/RHSA-2000-058.html ftp://ftp.FreeBSD.org/pub/FreeBSD/CERT/advisories/FreeBSD-SA-00:46.screen.asc https://exchange.xforce.ibmcloud.com/vulnerabilities/5188 https://nvd.nist.gov https://www.exploit-db.com/exploits/20191/

Get Started

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

Home Recent Vulnerabilities Research Posts Trends Blog About Contact

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Twitter Reddit Linkedin Facebook

CVE-2000-0901

Vulnerability Summary

Exploits

References

Vulmon Search

About

Products

Connect