
CVE-2023-24626: n/a in n/a

Severity: Medium
Tags: Vulnerability, CVE-2023-24626, cve, cve-2023-24626
Published: Sat Apr 08 2023 (04/08/2023, 00:00:00 UTC)
Source: CVE
Vendor/Project: n/a
Product: n/a

Description

socket.c in GNU Screen through 4.9.0, when installed setuid or setgid (the default on platforms such as Arch Linux and FreeBSD), allows local users to send a privileged SIGHUP signal to any PID, causing a denial of service or disruption of the target process.

AI-Powered Analysis

Last updated: 07/04/2025, 23:42:36 UTC

Technical Analysis

CVE-2023-24626 is a local vulnerability in GNU Screen versions through 4.9.0. The issue resides in socket.c and is exposed when Screen is installed with setuid or setgid permissions, which is the default configuration on certain platforms such as Arch Linux and FreeBSD. It allows local users to send a privileged SIGHUP (hangup) signal to any process ID (PID) on the system. SIGHUP typically instructs a process to terminate or reload its configuration, so unauthorized sending of this signal can cause denial of service or disruption of critical processes. The vulnerability is classified under CWE-732, which relates to incorrect permission assignment for critical resources.

The CVSS v3.1 base score is 6.5 (medium severity). The vector indicates that the attack requires local access (AV:L), low attack complexity (AC:L), low privileges (PR:L), and no user interaction (UI:N), and that it impacts availability (A:H) with no confidentiality or integrity impact. The scope is changed (S:C), meaning the vulnerability affects resources beyond the vulnerable component.

No known exploits are currently reported in the wild, and no official patches have been linked yet. The vulnerability primarily affects systems where GNU Screen is installed with elevated privileges, which is common in some Unix-like operating systems. Exploitation requires local access but no additional user interaction, making it a concern for multi-user environments where unprivileged users could disrupt other users' processes or system services by sending SIGHUP signals improperly.

Potential Impact

For European organizations, the impact of CVE-2023-24626 can be significant in environments that rely on GNU Screen with setuid or setgid configurations, especially in multi-user systems such as shared servers, development environments, or hosting platforms. The ability for a local user to send privileged SIGHUP signals to arbitrary processes can lead to denial of service conditions, disrupting critical applications or services. This could affect availability of business-critical systems, leading to operational downtime and potential financial losses. While the vulnerability does not compromise confidentiality or integrity directly, the disruption of processes could indirectly affect service reliability and user trust. Organizations with strict uptime requirements or those operating in regulated sectors (e.g., finance, healthcare) may face compliance and reputational risks if service disruptions occur. Additionally, the vulnerability could be exploited by malicious insiders or attackers who have gained limited local access, escalating their impact without needing elevated privileges or user interaction.

Mitigation Recommendations

To mitigate CVE-2023-24626, European organizations should take several specific steps beyond generic advice:

1) Review and audit GNU Screen installations to identify whether the software is installed with setuid or setgid permissions, particularly on platforms like Arch Linux and FreeBSD.
2) Where possible, remove the setuid/setgid bits from the GNU Screen binary to prevent privilege escalation vectors, unless they are absolutely necessary for operational requirements.
3) Apply the principle of least privilege by restricting local user access to systems where GNU Screen is installed with elevated permissions.
4) Monitor and restrict the use of SIGHUP signals on critical processes through process-level access controls or mandatory access control (MAC) frameworks such as SELinux or AppArmor.
5) Implement system-level logging and alerting for abnormal signal-sending activity to detect potential exploitation attempts early.
6) Stay updated with GNU Screen vendor advisories and apply patches promptly once available.
7) Consider alternative terminal multiplexers that do not require setuid/setgid privileges if operationally feasible.
8) Harden multi-user environments by isolating user sessions and minimizing shared resource exposure to reduce the attack surface.

These targeted mitigations will help reduce the risk of exploitation and limit potential process disruptions caused by this vulnerability.
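Steps 1 and 2 above as an audit script (an added example, not part of the original advisory): it lists the Screen binaries in the directories you pass and reports which ones carry setuid or setgid bits. The `screen` / `screen-*` file-name pattern and the function names are assumptions of this example.

```shell
#!/bin/sh
# Added example: audit GNU Screen binaries for setuid/setgid mode bits.
# Assumption: binaries are named "screen" or "screen-<version>".

# classify_bits FILE
# Prints one of: missing, none, setuid, setgid, setuid+setgid
classify_bits() {
    f=$1
    [ -f "$f" ] || { echo missing; return 0; }
    bits=none
    [ -u "$f" ] && bits=setuid
    if [ -g "$f" ]; then
        [ "$bits" = setuid ] && bits=setuid+setgid || bits=setgid
    fi
    echo "$bits"
}

# audit_screen DIR...
# Prints "<bits> <path>" for every Screen binary found in the given
# directories. Returns 1 if any of them is setuid or setgid, else 0.
audit_screen() {
    flagged=0
    for dir in "$@"; do
        for f in "$dir"/screen "$dir"/screen-*; do
            # Skip unmatched globs and symlinks; a symlink's target is
            # reported under its own name if it lives in a scanned directory.
            [ -f "$f" ] && [ ! -L "$f" ] || continue
            bits=$(classify_bits "$f")
            echo "$bits $f"
            [ "$bits" = none ] || flagged=1
        done
    done
    return "$flagged"
}

# Stand-alone use: pass the directories to scan, e.g. /usr/bin /usr/local/bin.
# The script only reports; removing the bits is left to the administrator.
if [ "$#" -gt 0 ]; then
    audit_screen "$@" ||
        echo "setuid/setgid Screen binary found; if not required: chmod u-s,g-s <path>"
fi
```

Removing the bits disables Screen's multi-user session sharing, so confirm that feature is not in use before changing the mode.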


Technical Details

Data Version: 5.1
Assigner Short Name: mitre
Date Reserved: 2023-01-30T00:00:00.000Z
Cisa Enriched: true
Cvss Version: 3.1
State: PUBLISHED

Threat ID: 682d9817c4522896dcbd7364

Added to database: 5/21/2025, 9:08:39 AM

Last enriched: 7/4/2025, 11:42:36 PM

Last updated: 8/11/2025, 12:48:55 PM
