CVE-2023-24626: n/a in n/a
socket.c in GNU Screen through 4.9.0, when installed setuid or setgid (the default on platforms such as Arch Linux and FreeBSD), allows local users to send a privileged SIGHUP signal to any PID, causing a denial of service or disruption of the target process.
AI Analysis
Technical Summary
CVE-2023-24626 is a local privilege vulnerability found in GNU Screen versions up to 4.9.0. The issue resides in the socket.c component of GNU Screen when the software is installed with setuid or setgid permissions, which is the default configuration on certain platforms such as Arch Linux and FreeBSD. This vulnerability allows local users to send a privileged SIGHUP (hangup) signal to any process ID (PID) on the system. The SIGHUP signal typically instructs a process to terminate or reload its configuration, so unauthorized sending of this signal can cause denial of service or disruption of critical processes. The vulnerability is classified under CWE-732, which relates to incorrect permission assignment for critical resources. The CVSS v3.1 base score is 6.5 (medium severity), with the vector indicating that the attack requires local access (AV:L), low attack complexity (AC:L), low privileges (PR:L), no user interaction (UI:N), and impacts availability (A:H) with no confidentiality or integrity impact. The scope is changed (S:C), meaning the vulnerability affects resources beyond the vulnerable component. No known exploits are currently reported in the wild, and no official patches have been linked yet. The vulnerability primarily affects systems where GNU Screen is installed with elevated privileges, which is common in some Unix-like operating systems. Exploitation requires local access but no additional user interaction, making it a concern for multi-user environments where unprivileged users could disrupt other users' processes or system services by sending SIGHUP signals improperly.
Potential Impact
For European organizations, the impact of CVE-2023-24626 can be significant in environments that rely on GNU Screen with setuid or setgid configurations, especially in multi-user systems such as shared servers, development environments, or hosting platforms. The ability for a local user to send privileged SIGHUP signals to arbitrary processes can lead to denial of service conditions, disrupting critical applications or services. This could affect availability of business-critical systems, leading to operational downtime and potential financial losses. While the vulnerability does not compromise confidentiality or integrity directly, the disruption of processes could indirectly affect service reliability and user trust. Organizations with strict uptime requirements or those operating in regulated sectors (e.g., finance, healthcare) may face compliance and reputational risks if service disruptions occur. Additionally, the vulnerability could be exploited by malicious insiders or attackers who have gained limited local access, escalating their impact without needing elevated privileges or user interaction.
Mitigation Recommendations
To mitigate CVE-2023-24626, European organizations should take several specific steps beyond generic advice: 1) Review and audit GNU Screen installations to identify if the software is installed with setuid or setgid permissions, particularly on platforms like Arch Linux and FreeBSD. 2) Where possible, remove setuid/setgid bits from the GNU Screen binary to prevent privilege escalation vectors, unless absolutely necessary for operational requirements. 3) Apply principle of least privilege by restricting local user access to systems where GNU Screen is installed with elevated permissions. 4) Monitor and restrict the use of SIGHUP signals on critical processes through process-level access controls or mandatory access control (MAC) frameworks such as SELinux or AppArmor. 5) Implement system-level logging and alerting for abnormal signal sending activities to detect potential exploitation attempts early. 6) Stay updated with GNU Screen vendor advisories and apply patches promptly once available. 7) Consider alternative terminal multiplexers that do not require setuid/setgid privileges if operationally feasible. 8) Harden multi-user environments by isolating user sessions and minimizing shared resource exposure to reduce the attack surface. These targeted mitigations will help reduce the risk of exploitation and limit potential process disruptions caused by this vulnerability.
Affected Countries
Germany, France, United Kingdom, Netherlands, Sweden, Finland, Denmark, Poland
CVE-2023-24626: n/a in n/a
Description
socket.c in GNU Screen through 4.9.0, when installed setuid or setgid (the default on platforms such as Arch Linux and FreeBSD), allows local users to send a privileged SIGHUP signal to any PID, causing a denial of service or disruption of the target process.
AI-Powered Analysis
Technical Analysis
CVE-2023-24626 is a local privilege vulnerability found in GNU Screen versions up to 4.9.0. The issue resides in the socket.c component of GNU Screen when the software is installed with setuid or setgid permissions, which is the default configuration on certain platforms such as Arch Linux and FreeBSD. This vulnerability allows local users to send a privileged SIGHUP (hangup) signal to any process ID (PID) on the system. The SIGHUP signal typically instructs a process to terminate or reload its configuration, so unauthorized sending of this signal can cause denial of service or disruption of critical processes. The vulnerability is classified under CWE-732, which relates to incorrect permission assignment for critical resources. The CVSS v3.1 base score is 6.5 (medium severity), with the vector indicating that the attack requires local access (AV:L), low attack complexity (AC:L), low privileges (PR:L), no user interaction (UI:N), and impacts availability (A:H) with no confidentiality or integrity impact. The scope is changed (S:C), meaning the vulnerability affects resources beyond the vulnerable component. No known exploits are currently reported in the wild, and no official patches have been linked yet. The vulnerability primarily affects systems where GNU Screen is installed with elevated privileges, which is common in some Unix-like operating systems. Exploitation requires local access but no additional user interaction, making it a concern for multi-user environments where unprivileged users could disrupt other users' processes or system services by sending SIGHUP signals improperly.
Potential Impact
For European organizations, the impact of CVE-2023-24626 can be significant in environments that rely on GNU Screen with setuid or setgid configurations, especially in multi-user systems such as shared servers, development environments, or hosting platforms. The ability for a local user to send privileged SIGHUP signals to arbitrary processes can lead to denial of service conditions, disrupting critical applications or services. This could affect availability of business-critical systems, leading to operational downtime and potential financial losses. While the vulnerability does not compromise confidentiality or integrity directly, the disruption of processes could indirectly affect service reliability and user trust. Organizations with strict uptime requirements or those operating in regulated sectors (e.g., finance, healthcare) may face compliance and reputational risks if service disruptions occur. Additionally, the vulnerability could be exploited by malicious insiders or attackers who have gained limited local access, escalating their impact without needing elevated privileges or user interaction.
Mitigation Recommendations
To mitigate CVE-2023-24626, European organizations should take several specific steps beyond generic advice: 1) Review and audit GNU Screen installations to identify if the software is installed with setuid or setgid permissions, particularly on platforms like Arch Linux and FreeBSD. 2) Where possible, remove setuid/setgid bits from the GNU Screen binary to prevent privilege escalation vectors, unless absolutely necessary for operational requirements. 3) Apply principle of least privilege by restricting local user access to systems where GNU Screen is installed with elevated permissions. 4) Monitor and restrict the use of SIGHUP signals on critical processes through process-level access controls or mandatory access control (MAC) frameworks such as SELinux or AppArmor. 5) Implement system-level logging and alerting for abnormal signal sending activities to detect potential exploitation attempts early. 6) Stay updated with GNU Screen vendor advisories and apply patches promptly once available. 7) Consider alternative terminal multiplexers that do not require setuid/setgid privileges if operationally feasible. 8) Harden multi-user environments by isolating user sessions and minimizing shared resource exposure to reduce the attack surface. These targeted mitigations will help reduce the risk of exploitation and limit potential process disruptions caused by this vulnerability.
Affected Countries
For access to advanced analysis and higher rate limits, contact root@offseq.com
Technical Details
- Data Version
- 5.1
- Assigner Short Name
- mitre
- Date Reserved
- 2023-01-30T00:00:00.000Z
- Cisa Enriched
- true
- Cvss Version
- 3.1
- State
- PUBLISHED
Threat ID: 682d9817c4522896dcbd7364
Added to database: 5/21/2025, 9:08:39 AM
Last enriched: 7/4/2025, 11:42:36 PM
Last updated: 8/11/2025, 12:48:55 PM
Views: 12
Related Threats
CVE-2025-3495: CWE-338 Use of Cryptographically Weak Pseudo-Random Number Generator (PRNG) in Delta Electronics COMMGR
CriticalCVE-2025-53948: CWE-415 Double Free in Santesoft Sante PACS Server
HighCVE-2025-52584: CWE-122 Heap-based Buffer Overflow in Ashlar-Vellum Cobalt
HighCVE-2025-46269: CWE-122 Heap-based Buffer Overflow in Ashlar-Vellum Cobalt
HighCVE-2025-54862: CWE-79 Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') in Santesoft Sante PACS Server
MediumActions
Updates to AI analysis are available only with a Pro account. Contact root@offseq.com for access.
External Links
Need enhanced features?
Contact root@offseq.com for Pro access with improved analysis and higher rate limits.