The SUSE Security Team has published
an article detailing several security
issues it has uncovered with GNU Screen. This includes
a local root exploit when Screen is shipped setuid-root, as it is in
some Linux and BSD distributions. The security team also reports problems
in coordinating disclosure with the upstream Screen project.
"We are not satisfied with how this coordinated disclosure developed,
and we will try to be more attentive to such problematic situations
early on in the future. This experience also sheds light on the
overall situation of Screen upstream. It looks like it suffers from a
lack of manpower and expertise, which is worrying for such a
widespread open source utility. We hope this publication can help to
draw attention to this and to improve this situation in the future."
The article includes a table
of operating systems, screen versions, and which vulnerabilities they
may be affected by.
https://lwn.net/Articles/1020901/