Vulnerability CVE-2024-28085


Published: 2024-03-27

Description:
wall in util-linux through 2.40, often installed with setgid tty permissions, allows escape sequences to be sent to other users' terminals through argv. (Specifically, escape sequences received from stdin are blocked, but escape sequences received from argv are not blocked.) There may be plausible scenarios where this leads to account takeover.

See advisories in our WLB2 database:
Topic
Author
Date
Med.
util-linux wall Escape Sequence Injection
Skyler Ferrante
30.03.2024

 References:
https://people.rit.edu/sjf5462/6831711781/wall_2_27_2024.txt
https://github.com/util-linux/util-linux/security/advisories/GHSA-xv2h-c6ww-mrjq
https://mirrors.edge.kernel.org/pub/linux/utils/util-linux/
https://www.openwall.com/lists/oss-security/2024/03/27/5
https://github.com/skyler-ferrante/CVE-2024-28085

Copyright 2024, cxsecurity.com

 

Back to Top