GNU screen 4.0.3 creates the /tmp/screen-exchange temporary file with world-readable permissions, which might allow local users to obtain sensitive session information.
Debian Bug report logs - #521123
/tmp/screen-exchange still unsafe
Package: screen
Maintainer for screen is Axel Beckert <abe@debian.org>; Source for screen is src:screen
Reported by: Kees Cook <kees@debian.org>
Date: Wed, 25 Mar 2009 00:36:01 UTC
Severity: normal
Tags: security
Found in vers ...