CVE-2025-46802
Linux Debian vulnerability analysis and mitigation

Overview

A vulnerability in Screen (CVE-2025-46802) allows TTY hijacking while a user attaches to a multiuser session. When the multiattach flag is set, Screen temporarily sets the TTY to mode 666, which creates the security risk. The vulnerability affects Screen version 5.0.0 and older versions and was disclosed on May 12, 2025 (OpenWall).

Technical details

The vulnerability exists in the Attach() function when the multiattach flag is set. The function performs a chmod() of the current TTY to mode 0666, which temporarily makes the TTY world-readable and world-writable. Although the TTY path is properly validated using isatty() checks and /dev path verification, the temporary permission change creates a race condition: any local user can open the TTY while it is in mode 0666. The vulnerability has received a CVSS v3.1 Base Score of 6.0 (MEDIUM) with vector string CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:N (NVD).

Impact

The vulnerability allows attackers to intercept data typed into the TTY and inject data into it during the window of exposure. An attacker could potentially mislead users into entering sensitive information like passwords, or inject control sequences to confuse the victim or exploit terminal emulator vulnerabilities. In some cases, the original TTY mode is never restored, leaving the terminal permanently exposed (OpenWall).

Mitigation and workarounds

The vulnerability has been addressed by removing the temporary chmod() calls, which are considered remnants of past implementations. Modern versions of Screen pass the PTY file descriptor securely via a UNIX domain socket to the target session. While this fix may affect some reattach use cases, these cases were already broken in previous versions. It is recommended to avoid installing Screen with setuid-root privileges (OpenWall).
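A host-side check for the two conditions described above, as an added example that is not part of the original report or of Screen itself: it lists terminal device nodes whose mode grants access to other users (the state a TTY is left in when the original mode is never restored) and reports whether the installed screen binary is setuid-root. The function names and the /dev/pts default are assumptions of this example.

```python
#!/usr/bin/env python3
"""Audit terminal modes and the screen install (added example; names are assumptions)."""
import os
import shutil
import stat

OTHER_RW = stat.S_IROTH | stat.S_IWOTH  # the "other" bits that mode 0666 turns on


def tty_mode_exposed(st_mode):
    """True if a character device is readable or writable by 'other' users."""
    return stat.S_ISCHR(st_mode) and bool(st_mode & OTHER_RW)


def scan_ttys(dev_dir="/dev/pts"):
    """Return (path, octal mode) for every exposed terminal node under dev_dir."""
    findings = []
    try:
        names = sorted(os.listdir(dev_dir))
    except OSError:
        return findings  # no devpts mounted here: nothing to report
    for name in names:
        if name == "ptmx":
            continue  # PTY multiplexer node, not a user's terminal
        path = os.path.join(dev_dir, name)
        try:
            mode = os.lstat(path).st_mode
        except OSError:
            continue  # PTY was closed between listdir() and lstat()
        if tty_mode_exposed(mode):
            findings.append((path, oct(stat.S_IMODE(mode))))
    return findings


def is_setuid_root(st_mode, st_uid):
    """True for a root-owned file with the setuid bit set."""
    return st_uid == 0 and bool(st_mode & stat.S_ISUID)


if __name__ == "__main__":
    for path, mode in scan_ttys():
        print(f"exposed terminal: {path} mode {mode}")
    screen = shutil.which("screen")
    if screen:
        st = os.stat(screen)
        if is_setuid_root(st.st_mode, st.st_uid):
            print(f"{screen} is installed setuid-root")
```

A PTY normally has mode 0620 (owner read/write, group write), so any finding deserves a look. Because the chmod() window during attach is brief, a one-off scan mainly catches terminals whose mode was never restored.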

Community reactions

The vulnerability was initially shared with the distros mailing list on April 30, 2025, and public disclosure occurred on May 12, 2025. The issue has affected multiple distributions including Arch Linux, Fedora, Gentoo Linux, FreeBSD, and NetBSD, leading to various responses from the security community. Some distributions have already implemented fixes by explicitly passing safe PTY modes during configuration (OpenWall).

This report was generated using AI.

Related Linux Debian vulnerabilities:

| CVE ID | Severity | Score | Technologies | Component name | CISA KEV exploit | Has fix | Published date |
|---|---|---|---|---|---|---|---|
| CVE-2025-59030 | HIGH | 7.5 | Linux Debian | pdns-recursor | No | Yes | Dec 09, 2025 |
| CVE-2025-59029 | MEDIUM | 5.3 | Linux Debian | pdns-recursor | No | Yes | Dec 09, 2025 |
| CVE-2025-40344 | N/A | N/A | Linux Kernel | kernel-debug-modules-internal | No | Yes | Dec 09, 2025 |
| CVE-2025-40343 | N/A | N/A | Linux Kernel | kernel-64k-debug-devel | No | Yes | Dec 09, 2025 |
| CVE-2025-40342 | N/A | N/A | Linux Kernel | kernel-64k-debug-devel-matched | No | Yes | Dec 09, 2025 |
