Hi,

On Tue, Jan 24, 2017 at 07:05:10PM +0000, anonymous wrote:
> <http://savannah.gnu.org/bugs/?50142>
>
>                  Summary: root exploit 4.5.0
>                  Project: GNU Screen
[…]
> Commit f86a374 ("screen.c: adding permissions check for the logfile name",
> 2015-11-04)
>
> The check opens the logfile with full root privileges. This allows us to
> truncate any file or create a root-owned file with any contents in any
> directory and can be easily exploited to full root access in several ways.

Please use CVE-2017-5618 as identifier for this security issue.

I'd have also updated https://savannah.gnu.org/bugs/?50142 but it's
marked as private despite the information being publicly available via
the mailing list and its archive.

So please make https://savannah.gnu.org/bugs/?50142 public again.
There's nothing in there which isn't known publicly.

		Kind regards, Axel
-- 
/~\  Plain Text Ribbon Campaign                   | Axel Beckert
\ /  Say No to HTML in E-Mail and News            | a...@deuxchevaux.org  (Mail)
 X   See http://www.nonhtmlmail.org/campaign.html | a...@noone.org (Mail+Jabber)
/ \  I love long mails: http://email.is-not-s.ms/ | http://abe.noone.org/ (Web)
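
The quoted report turns on a setuid program opening a user-chosen path while still holding root's effective IDs. The following is an added example, not code from this message or from GNU Screen: a general pattern in which the file is opened under the invoking user's identity so the kernel enforces that user's permissions. The helper name `open_log_as_invoker` is hypothetical.

```c
#define _POSIX_C_SOURCE 200809L
#include <errno.h>
#include <fcntl.h>
#include <stdio.h>
#include <stdlib.h>
#include <sys/types.h>
#include <unistd.h>

/* Hypothetical helper, not taken from GNU Screen: open a user-chosen log
 * file with the invoking user's identity instead of the setuid identity. */
int open_log_as_invoker(const char *path)
{
    uid_t saved_euid = geteuid();
    gid_t saved_egid = getegid();
    int fd, saved_errno;

    /* Drop the group before the user: once euid is no longer root,
     * the process may not be allowed to change its egid. */
    if (setegid(getgid()) != 0)
        return -1;
    if (seteuid(getuid()) != 0)
        _exit(EXIT_FAILURE);   /* half-dropped state: fail closed */

    /* The kernel now checks the invoker's permissions. No O_TRUNC, and
     * O_NOFOLLOW refuses a symlink in the final path component. */
    fd = open(path, O_WRONLY | O_APPEND | O_CREAT | O_NOFOLLOW | O_CLOEXEC, 0600);
    saved_errno = errno;

    /* Regain the saved IDs (user first, then group); fail closed. */
    if (seteuid(saved_euid) != 0 || setegid(saved_egid) != 0)
        _exit(EXIT_FAILURE);

    errno = saved_errno;
    return fd;
}

int main(int argc, char **argv)
{
    int fd;
    if (argc != 2) {
        fprintf(stderr, "usage: %s LOGFILE\n", argv[0]);
        return EXIT_FAILURE;
    }
    fd = open_log_as_invoker(argv[1]);
    if (fd < 0) {
        perror("open_log_as_invoker");
        return EXIT_FAILURE;
    }
    close(fd);
    return EXIT_SUCCESS;
}
```

`O_NOFOLLOW` only covers the last path component; symlinks in parent directories are still resolved, but with the invoker's permissions once the effective IDs have been dropped.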