Podatność CVE-2024-28085
Publikacja: 2024-03-27

Opis:
wall in util-linux through 2.40, often installed with setgid tty permissions, allows escape sequences to be sent to other users' terminals through argv. (Specifically, escape sequences received from stdin are blocked, but escape sequences received from argv are not blocked.) There may be plausible scenarios where this leads to account takeover.

W naszej bazie, znaleźliśmy następujące noty dla tego CVE:
Tytuł
Autor
Data
Med.
util-linux wall Escape Sequence Injection
Skyler Ferrante
30.03.2024

 Referencje:
https://people.rit.edu/sjf5462/6831711781/wall_2_27_2024.txt
https://github.com/util-linux/util-linux/security/advisories/GHSA-xv2h-c6ww-mrjq
https://mirrors.edge.kernel.org/pub/linux/utils/util-linux/
https://www.openwall.com/lists/oss-security/2024/03/27/5
https://github.com/skyler-ferrante/CVE-2024-28085
Copyright 2024, cxsecurity.com

 

Back to Top