Package: screen
Version: 4.9.1-1
Severity: grave
Justification: user security hole
X-Debbugs-Cc: dani.be...@ubuntu.com

Dear Maintainer,

Screen 5.0.1 is now published with an assortment of security fixes as well as
some other issues spotted and resolved:

    - CVE-2025-46805: do NOT send signals with root privileges
    - CVE-2025-46804: avoid file existence test information leaks
    - CVE-2025-46803: apply safe PTY default mode of 0620
    - CVE-2025-46802: prevent temporary 0666 mode on PTYs in attacher
    - CVE-2025-23395: reintroduce lf_secreopen() for logfile
    - buffer overflow due to bad strncpy()
    - uninitialized variables warnings
    - typos
    - combining char handling that could lead to a segfault


-- Package-specific info:
File Existence and Permissions
------------------------------

drwxr-xr-x 42 root root   1180 May 13 08:36 /run
lrwxrwxrwx  1 root root      4 Jul 13  2022 /var/run -> /run
-rwxr-xr-x  1 root root 486488 Sep  7  2023 /usr/bin/screen
-rw-r--r--  1 root root    119 May 13 08:36 /etc/tmpfiles.d/screen-cleanup.conf
lrwxrwxrwx  1 root root      9 May 13 08:36 /lib/systemd/system/screen-cleanup.service -> /dev/null
-rwxr-xr-x  1 root root   1222 Feb 18  2021 /etc/init.d/screen-cleanup
lrwxrwxrwx  1 root root     24 May 13 08:36 /etc/rcS.d/S01screen-cleanup -> ../init.d/screen-cleanup

File contents
-------------

### /etc/tmpfiles.d/screen-cleanup.conf
______________________________________________________________________
# This file is generated by /var/lib/dpkg/info/screen.postinst upon package configuration
d /run/screen 1777 root utmp
______________________________________________________________________

-- System Information:
Debian Release: trixie/sid
  APT prefers testing
  APT policy: (500, 'testing')
Architecture: amd64 (x86_64)

Kernel: Linux 6.12.25-amd64 (SMP w/4 CPU threads; PREEMPT)
Locale: LANG=fa_IR.UTF-8, LC_CTYPE=fa_IR.UTF-8 (charmap=UTF-8), LANGUAGE not set
Shell: /bin/sh linked to /usr/bin/dash
Init: systemd (via /run/systemd/system)
LSM: AppArmor: enabled

Versions of packages screen depends on:
ii  debianutils   5.22
ii  libc6         2.41-7
ii  libcrypt1     1:4.4.38-1
ii  libpam0g      1.7.0-3
ii  libtinfo6     6.5+20250216-2
ii  libutempter0  1.2.1-4

screen recommends no packages.

Versions of packages screen suggests:
pn  byobu | screenie | iselect  <none>
ii  ncurses-term                6.5+20250216-2

-- no debconf information
