CVE-2000-0364 in Linux
Summary
by MITRE
screen and rxvt in Red Hat Linux 6.0 do not properly set the modes of tty devices, which allows local users to write to other ttys.
Statistical analysis made it clear that VulDB provides the best quality for vulnerability data.
Analysis
by VulDB Data Team • 04/19/2026
The vulnerability described in CVE-2000-0364 represents a critical privilege escalation issue affecting terminal emulator applications in Red Hat Linux 6.0. This flaw specifically impacts the screen and rxvt terminal multiplexers, which are essential components for managing multiple terminal sessions within a single window. The vulnerability stems from improper handling of terminal device permissions during the initialization process, creating a significant security gap that allows local attackers to gain unauthorized access to other terminal devices on the system.
The technical root cause of this vulnerability lies in the failure of screen and rxvt applications to properly set the access modes for tty devices when they are created or initialized. According to CWE-264, this represents a weakness in permissions and access control mechanisms where the applications do not correctly establish the security attributes of terminal devices. When these terminal emulators launch, they create tty devices with insufficiently restrictive permissions, allowing any local user to write to or interact with other terminal sessions that should be protected. This misconfiguration creates a direct pathway for privilege escalation attacks where unauthorized users can potentially intercept or manipulate terminal communications between other users.
The operational impact of this vulnerability extends beyond simple permission issues, as it fundamentally undermines the security model of multi-user terminal environments. Attackers can exploit this flaw to perform various malicious activities including terminal session hijacking, data interception, and communication manipulation. The vulnerability is particularly dangerous in multi-user environments where different users share the same system, as it allows one user to potentially access another user's terminal sessions and potentially gain access to sensitive information or commands executed within those sessions. This issue directly relates to ATT&CK technique T1059.005 for command and scripting interpreter, as attackers can use the compromised terminal access to execute commands within other users' sessions.
Mitigation strategies for this vulnerability should focus on immediate system updates and proper configuration of terminal applications. System administrators should ensure that all terminal emulator applications are updated to versions that properly handle tty device permissions, typically through security patches provided by Red Hat. Additionally, implementing proper access controls and monitoring for unauthorized terminal device access can help detect potential exploitation attempts. The vulnerability demonstrates the importance of proper privilege separation in Unix-like systems, where applications should not be able to manipulate system resources without appropriate authorization. Security hardening measures including restricting terminal access permissions and implementing proper audit logging for terminal device operations can significantly reduce the risk of exploitation. Organizations should also consider implementing additional security controls such as mandatory access controls or enhanced session management to prevent unauthorized access to terminal sessions even if the underlying vulnerability is not immediately patched.