Launchpad CVE tracker

CVE 2009-1214

GNU screen 4.0.3 creates the /tmp/screen-exchange temporary file with world-readable permissions, which might allow local users to obtain sensitive session information.

Related bugs and status

CVE-2009-1214 (Candidate) is related to these bugs:

Bug #315993: Insecure creation of /tmp/screen-exchange (symlink attack)

		In	Importance	Status
315993	Insecure creation of /tmp/screen-exchange (symlink attack)	screen (Ubuntu)	Low	Fix Released
315993	Insecure creation of /tmp/screen-exchange (symlink attack)	screen	Unknown	Unknown
315993	Insecure creation of /tmp/screen-exchange (symlink attack)	screen (Debian)	Unknown	Fix Released

See the

CVE page on Mitre.org for more details.

References

MLIST: [oss-security] 2009032...
MISC: http://savannah.gnu.or...
CONFIRM: http://bugs.debian.org...
CONFIRM: https://bugs.launchpad...
CONFIRM: https://bugzilla.redha...
BID: 34521
XF: screen-screenexchange-...

Launchpad.net

CVE 2009-1214

Related bugs and status

Related bugs

References