Vigil@nce: Screen, information reading
April 2009 by Vigil@nce
SYNTHESIS OF THE VULNERABILITY
A local attacker can read data stored in the screen-exchange file
of Screen.
Gravity: 1/4
Consequences: data reading
Provenance: user shell
Means of attack: no proof of concept, no attack
Ability of attacker: expert (4/4)
Confidence: confirmed by the editor (5/5)
Diffusion of the vulnerable configuration: high (3/3)
Creation date: 01/04/2009
IMPACTED PRODUCTS
– Unix - platform
DESCRIPTION OF THE VULNERABILITY
The Screen program is used to split a console into several areas.
The screen-exchange feature saves a buffer in the
/tmp/screen-exchange file, which is shared between several users.
This file can be read by all users (world readable). Users should
not use this feature to store sensitive information.
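
An added example, not part of the Vigil@nce bulletin: a POSIX shell check that reports whether the exchange file described above is readable by group or other, and removes those permission bits on request. The function names are hypothetical; the default path is the one given in the bulletin.

```shell
#!/bin/sh
# Added example (not from the bulletin): audit the mode of Screen's
# screen-exchange file. Function names are hypothetical.

# Path named in the bulletin; pass another path as the first argument.
DEFAULT_EXCHANGE=/tmp/screen-exchange

# exchange_exposure [PATH]
# Prints one of: missing | world-readable | group-readable | private
exchange_exposure() {
    f=${1:-$DEFAULT_EXCHANGE}
    [ -f "$f" ] || { echo missing; return 0; }
    # First 10 characters of the ls mode string, e.g. "-rw-r--r--".
    # Character 5 is group read, character 8 is other (world) read.
    mode=$(ls -ldL "$f" | cut -c1-10)
    case $mode in
        ???????r??) echo world-readable ;;
        ????r?????) echo group-readable ;;
        *)          echo private ;;
    esac
}

# tighten_exchange [PATH]
# Removes all group/other permission bits. Only the file owner (or root)
# can do this; chmod's exit status is returned otherwise.
tighten_exchange() {
    f=${1:-$DEFAULT_EXCHANGE}
    [ -f "$f" ] || return 0
    chmod go-rwx "$f"
}

# Report-only when run as a script: nothing is modified here.
echo "${1:-$DEFAULT_EXCHANGE}: $(exchange_exposure "$@")"
```

Restricting the mode also ends the sharing between users that the feature provides, so the bulletin's advice not to put sensitive data in the buffer still applies.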
CHARACTERISTICS
Identifiers: 25296, CVE-2009-1214, VIGILANCE-VUL-8579
http://vigilance.fr/vulnerability/Screen-information-reading-8579