Package: screen
Version: 4.9.1-1
Severity: grave
Justification: user security hole
X-Debbugs-Cc: dani.behzi@ubuntu.com
Dear Maintainer,
Screen 5.0.1 is now published with an assortment of security fixes, as well as fixes for some other issues spotted and resolved:
- CVE-2025-46805: do NOT send signals with root privileges
- CVE-2025-46804: avoid file existence test information leaks
- CVE-2025-46803: apply safe PTY default mode of 0620
- CVE-2025-46802: prevent temporary 0666 mode on PTYs in attacher
- CVE-2025-23395: reintroduce lf_secreopen() for logfile
- buffer overflow due to bad strncpy()
- uninitialized variables warnings
- typos
- combining char handling that could lead to a segfault
-- Package-specific info:
File Existence and Permissions
------------------------------
drwxr-xr-x 42 root root 1180 May 13 08:36 /run
lrwxrwxrwx 1 root root 4 Jul 13 2022 /var/run -> /run
-rwxr-xr-x 1 root root 486488 Sep 7 2023 /usr/bin/screen
-rw-r--r-- 1 root root 119 May 13 08:36 /etc/tmpfiles.d/screen-cleanup.conf
lrwxrwxrwx 1 root root 9 May 13 08:36 /lib/systemd/system/screen-cleanup.service -> /dev/null
-rwxr-xr-x 1 root root 1222 Feb 18 2021 /etc/init.d/screen-cleanup
lrwxrwxrwx 1 root root 24 May 13 08:36 /etc/rcS.d/S01screen-cleanup -> ../init.d/screen-cleanup
File contents
-------------
### /etc/tmpfiles.d/screen-cleanup.conf
______________________________________________________________________
# This file is generated by /var/lib/dpkg/info/screen.postinst upon package configuration
d /run/screen 1777 root utmp
______________________________________________________________________
-- System Information:
Debian Release: trixie/sid
APT prefers testing
APT policy: (500, 'testing')
Architecture: amd64 (x86_64)
Kernel: Linux 6.12.25-amd64 (SMP w/4 CPU threads; PREEMPT)
Locale: LANG=fa_IR.UTF-8, LC_CTYPE=fa_IR.UTF-8 (charmap=UTF-8), LANGUAGE not set
Shell: /bin/sh linked to /usr/bin/dash
Init: systemd (via /run/systemd/system)
LSM: AppArmor: enabled
Versions of packages screen depends on:
ii debianutils 5.22
ii libc6 2.41-7
ii libcrypt1 1:4.4.38-1
ii libpam0g 1.7.0-3
ii libtinfo6 6.5+20250216-2
ii libutempter0 1.2.1-4
screen recommends no packages.
Versions of packages screen suggests:
pn byobu | screenie | iselect <none>
ii ncurses-term 6.5+20250216-2
-- no debconf information