Multiple Security Issues in GNU Screen

Summary

[<prev] [next>] [day] [month] [year] [list] Message-ID: <aCISrQTbLQjaxBZS@kasco.suse.de> Date: Mon, 12 May 2025 17:24:26 +0200 From: Matthias Gerstner <mgerstner@...e.de> To: oss-security@...ts.openwall.com Subject: screen: Multiple Security Issues in Screen (mostly affecting release 5.0.0 and setuid-root installations) Hello list, these issues in Screen have been shared with the distros mailing list on 2025-04-30 and publication is due today. We also offer a rendered version of this report on our blog [1]. 1) Introduction =============== In July 2024, the upstream Screen maintainer asked us [2] if we could have a look at the current Screen code base. We treated this request with lower priority, since we already had a cursory look at Screen a few years earlier, without finding any problems. When we actually found time to look into it again, we were surprised to find a local root exploit in the Screen 5.0.0 major version update affecting distributions that ship it as setuid-root (Arch Linux and NetBSD). We also found a number of additional, less severe issues that partly also affect older Screen versions still found in the majority of distributions. Attached to this email you can find two sets of patches for the issues described in this report, one for screen-4.9.1 and another for screen-5.0.0. These patch sets apply against the screen-4.9.1 and screen-5.0.0 release tarballs, respectively. Due to difficulties in the communication with upstream we do not currently have detailed information about bugfixes and releases published on their end. The next section provides an overview of the Screen configurations and versions found on common Linux and UNIX distributions. Section 3) discusses each security issue we discovered in detail. Section 4) takes a look at possible further issues in Screen's setuid-root implementation. Section 5) gives general recommendations for the improvement of Screen's security posture. Section 6) points out problems we encountered during the coor...