Bug 904039 (CVE-2023-24626) - <app-misc/screen-4.9.0-r2: allows sending SIGHUP to arbitrary PIDs
Alias: CVE-2023-24626
Product: Gentoo Security
Classification: Unclassified
Component: Vulnerabilities
Hardware: All Linux
Importance: Normal minor
Assignee: Gentoo Security
Whiteboard: B4 [glsa? cleanup]
Depends on: 906098
Reported: 2023-04-08 16:41 UTC by John Helmert III
Modified: 2023-05-11 02:11 UTC

Description John Helmert III archtester Gentoo Infrastructure gentoo-dev Security 2023-04-08 16:41:51 UTC

socket.c in GNU Screen through 4.9.0, when installed setuid or setgid (the default on platforms such as Arch Linux and FreeBSD), allows local users to send a privileged SIGHUP signal to any PID, causing a denial of service or disruption of the target process.

So, the vulnerability is not in Screen itself, but Screen is wrongly a vector
to DoS other applications. The Savannah bug is still not viewable
(which MITRE shouldn't allow), but the patch is above and doesn't
appear to be in any release.
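
Added example, not part of the bug report and not GNU Screen's code or its patch: one way a setuid program can verify that the invoking user is allowed to signal a PID before sending SIGHUP on their behalf. The function names are hypothetical, and the sketch assumes the setuid case, where the effective UID differs from the real UID.

```c
/* Added example: not GNU Screen code. All function names are hypothetical. */
#define _POSIX_C_SOURCE 200809L
#include <errno.h>
#include <signal.h>
#include <sys/types.h>
#include <sys/wait.h>
#include <unistd.h>

/* Return 1 if the invoking (real) user may signal pid, else 0.
 * The probe runs with the effective UID temporarily set to the real UID,
 * so the kernel applies the caller's permissions, not the setuid owner's. */
int real_user_may_signal(pid_t pid)
{
    uid_t saved_euid = geteuid();
    int allowed;

    if (pid <= 0)                  /* 0, -1 and -pgid address groups, not one process */
        return 0;
    if (seteuid(getuid()) != 0)    /* cannot drop privilege: fail closed */
        return 0;
    allowed = (kill(pid, 0) == 0); /* signal 0: existence and permission check only */
    if (seteuid(saved_euid) != 0)  /* cannot restore: refuse rather than continue */
        return 0;
    return allowed;
}

/* Send SIGHUP only when the real user could have sent it themselves. */
int checked_sighup(pid_t pid)
{
    if (!real_user_may_signal(pid)) {
        errno = EPERM;
        return -1;
    }
    return kill(pid, SIGHUP);
}

/* Constructed helper for the demonstration: returns a PID that has exited
 * and been reaped, so it should no longer name a live process. */
pid_t reaped_child_pid(void)
{
    pid_t child = fork();
    if (child == 0)
        _exit(0);
    if (child > 0)
        waitpid(child, NULL, 0);
    return child;
}
```

The check and the later `kill()` are two separate calls, so a PID can be recycled between them; sending the signal itself while the effective UID is still dropped closes that window.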
Comment 1 Larry the Git Cow gentoo-dev 2023-04-10 19:57:17 UTC
The bug has been referenced in the following commit(s):

commit 5020a4047f9bf00b7cc9423e86ababb049511069
Author:     Sven Wegener <>
AuthorDate: 2023-04-10 19:25:32 +0000
Commit:     Sven Wegener <>
CommitDate: 2023-04-10 19:57:04 +0000

    app-misc/screen: revbump, security bug #904039 (CVE-2023-24626)
    Signed-off-by: Sven Wegener <>

 .../screen/files/screen-4.9.0-CVE-2023-24626.patch |  33 +++++
 app-misc/screen/screen-4.9.0-r2.ebuild             | 147 +++++++++++++++++++++
 2 files changed, 180 insertions(+)
Comment 2 John Helmert III archtester Gentoo Infrastructure gentoo-dev Security 2023-04-30 23:05:32 UTC
Thanks! Please stabilize when ready.