Vigil@nce: Screen, file corruption via screen-exchange
March 2009 by Vigil@nce
SYNTHESIS OF THE VULNERABILITY
A local attacker can create a symbolic link in order to corrupt a
file with the privileges of Screen users.
Gravity: 1/4
Consequences: data creation/modification
Provenance: user shell
Means of attack: no proof of concept, no attack
Ability of attacker: expert (4/4)
Confidence: confirmed by the editor (5/5)
Diffusion of the vulnerable configuration: medium (2/3)
Creation date: 25/03/2009
IMPACTED PRODUCTS
– Unix - platform
DESCRIPTION OF THE VULNERABILITY
The Screen program is used to split a console into several areas.
The screen-exchange feature saves a buffer in the
/tmp/screen-exchange file, which is shared between several users.
However, this shared file is created without checking whether a
symbolic link is present. A local attacker can therefore create a
link from /tmp/screen-exchange to a sensitive file in order to
force its corruption with the rights of Screen users.
A local attacker can thus create a symbolic link in order to
corrupt a file with the privileges of Screen users.
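Added example, not Screen's code and not part of the original advisory: a C illustration of the missing check, in which the writer refuses to follow a symbolic link at the exchange path and validates the opened file before modifying it. The names write_exchange and demo_symlink_refused, and the temporary paths, are assumptions made for the illustration.

```c
#define _POSIX_C_SOURCE 200809L
#include <fcntl.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <sys/stat.h>
#include <unistd.h>

/* Hypothetical helper: write buf to a shared exchange file without
 * following a symbolic link at that path. Returns 0 or -1. */
int write_exchange(const char *path, const char *buf, size_t len)
{
    struct stat st;
    /* O_NOFOLLOW: open fails if the final path component is a symlink.
     * No O_TRUNC: nothing is modified until the checks below pass. */
    int fd = open(path, O_WRONLY | O_CREAT | O_NOFOLLOW, 0600);
    if (fd < 0) return -1;
    /* Check the object actually opened, not the name (avoids TOCTOU):
     * regular file, owned by us, and not hard-linked elsewhere. */
    if (fstat(fd, &st) != 0 || !S_ISREG(st.st_mode) ||
        st.st_uid != geteuid() || st.st_nlink != 1 ||
        ftruncate(fd, 0) != 0 ||
        write(fd, buf, len) != (ssize_t)len) {
        close(fd);
        return -1;
    }
    return close(fd);
}

/* Constructed scenario in a private temp dir: a link named
 * screen-exchange points at a stand-in "sensitive" file.
 * Returns 1 if the write is refused and the target is untouched. */
int demo_symlink_refused(void)
{
    char dir[] = "/tmp/exdemoXXXXXX", target[64], lnk[64], got[16] = {0};
    if (!mkdtemp(dir)) return 0;
    snprintf(target, sizeof target, "%s/sensitive", dir);
    snprintf(lnk, sizeof lnk, "%s/screen-exchange", dir);
    FILE *f = fopen(target, "w");
    if (!f) return 0;
    fputs("keep", f); fclose(f);
    if (symlink(target, lnk) != 0) return 0;
    int rc = write_exchange(lnk, "paste", 5);
    f = fopen(target, "r");
    if (f) { if (!fgets(got, sizeof got, f)) got[0] = 0; fclose(f); }
    unlink(lnk); unlink(target); rmdir(dir);
    return rc == -1 && strcmp(got, "keep") == 0;
}

int main(void) { return demo_symlink_refused() ? 0 : 1; }
```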
CHARACTERISTICS
Identifiers: 25296, VIGILANCE-VUL-8561
http://vigilance.fr/vulnerability/Screen-file-corruption-via-screen-exchange-8561