RedHat screen pty(7) Vulnerability...

Published: 1999-10-21
Revised: 2025-04-13

The version of screen that ships with Red Hat Linux 6.1 sets incorrect permissions on the pty (pseudo-terminal driver). The pty driver provides support for a pair of devices collectively known as a pseudo-terminal. The two devices comprising a pseudo-terminal are known as a controller and a slave. Instead of having a hardware interface and associated hardware that supports the terminal functions, the functions are implemented by another process manipulating the controller device of the pseudo-terminal. These ptys are represented as regular files on the UNIX filesystem. As a result of poor permission settings, these ptys are world-writable, allowing a user to hijack another user's pty and execute commands as the user whose pty has been stolen. This can result in root privileges if 'root' is running the vulnerable version of screen.
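A defender can check a host for the condition described above by inspecting the mode bits on slave pty nodes. The following is an added example, not part of the original advisory; the function names, the `/dev/pts` and BSD-style `/dev/tty[p-za-e]?` naming, and the policy that a slave pty must not be accessible to "other" are assumptions of this sketch.

```python
import os
import re
import stat

# BSD-style slave names (ttyp0 ... ttyef); Unix98 slaves live in /dev/pts.
BSD_SLAVE = re.compile(r"^tty[p-za-e][0-9a-f]$")

def classify_pty(mode, uid):
    """Return findings for one node's st_mode/st_uid; empty list means OK."""
    if not stat.S_ISCHR(mode):
        return []                      # not a terminal device node
    findings = []
    if mode & stat.S_IWOTH:
        findings.append("world-writable")
    if mode & stat.S_IROTH:
        findings.append("world-readable")
    if findings and uid == 0:
        findings.append("root-owned")  # a root session is exposed
    return findings

def audit_ptys(pts_dir="/dev/pts", dev_dir="/dev"):
    """Stat slave pty nodes and return {path: findings} for flagged ones."""
    candidates = []
    # Numeric names only in pts_dir, which skips the ptmx multiplexer node.
    for d, wanted in ((pts_dir, str.isdigit), (dev_dir, BSD_SLAVE.match)):
        try:
            candidates += [os.path.join(d, n) for n in os.listdir(d) if wanted(n)]
        except OSError:
            continue                   # directory absent on this system
    report = {}
    for path in candidates:
        try:
            st = os.lstat(path)
        except OSError:
            continue                   # pty closed between listdir and lstat
        findings = classify_pty(st.st_mode, st.st_uid)
        if findings:
            report[path] = findings
    return report

if __name__ == "__main__":
    for path, findings in sorted(audit_ptys().items()):
        print(f"{path}: {', '.join(findings)}")
```

A slave pty in active use is normally owned by the session's user with mode 0620 or 0600, so any node this reports while screen is running deserves a closer look.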

No exploit or PoC is currently available.
There are currently 0 affected product entries.