CVE-2009-1214 | Vulnerability Database | Aqua Security

GNU screen 4.0.3 creates the /tmp/screen-exchange temporary file with world-readable permissions, which might allow local users to obtain sensitive session information.

Affected Software

Name	Vendor	Start Version	End Version
Screen	Gnu	4.0.3 (including)	4.0.3 (including)
Screen	Ubuntu	dapper	*
Screen	Ubuntu	gutsy	*
Screen	Ubuntu	hardy	*
Screen	Ubuntu	intrepid	*
Screen	Ubuntu	jaunty	*
Screen	Ubuntu	upstream	*

References

http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=521123
http://savannah.gnu.org/bugs/?25296
http://www.openwall.com/lists/oss-security/2009/03/25/7
http://www.securityfocus.com/bid/34521
https://bugs.launchpad.net/ubuntu/+source/screen/+bug/315993
https://bugzilla.redhat.com/show_bug.cgi?id=492104
https://exchange.xforce.ibmcloud.com/vulnerabilities/49886
http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=521123
http://savannah.gnu.org/bugs/?25296
http://www.openwall.com/lists/oss-security/2009/03/25/7
http://www.securityfocus.com/bid/34521
https://bugs.launchpad.net/ubuntu/+source/screen/+bug/315993
https://bugzilla.redhat.com/show_bug.cgi?id=492104
https://exchange.xforce.ibmcloud.com/vulnerabilities/49886

NVD	https://nvd.nist.gov/vuln/detail/CVE-2009-1214
CWE	https://cwe.mitre.org/data/definitions/264.html