
CVE-2024-28085: Linux Flaw Could Leak Passwords

A recently identified vulnerability affecting the “wall” command in the util-linux package has raised concerns among Linux users. Assigned CVE-2024-28085 and named WallEscape by security researcher Skyler Ferrante, the flaw allows unprivileged users to manipulate terminal output, potentially leaking passwords or altering clipboards on select Linux distributions.


CVE-2024-28085 Explained

The issue stems from improperly filtered escape sequences in the “wall” command’s command-line arguments. This vulnerability, introduced in a commit made back in August 2013, could be exploited when the “mesg” utility is enabled and the “wall” command is executed with setgid permissions.

Affected systems, such as Ubuntu 22.04 and Debian Bookworm, are susceptible to password leakage, with users potentially being tricked into disclosing their passwords. However, systems like CentOS remain unaffected due to differences in command permissions.




In addition, the vulnerability opens the door for attackers to manipulate users’ clipboards through escape sequences, particularly on terminals like Windows Terminal. Notably, GNOME Terminal remains unaffected.

To address this issue, users are urged to update to util-linux version 2.40 promptly.
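The three conditions named above (util-linux older than 2.40, a setgid "wall" binary, and "mesg" enabled) can be checked on a host with a short script. This is an added example, not code from the article or the util-linux project; the function names are hypothetical, and it assumes `wall --version` prints the util-linux version as its last word.

```shell
#!/bin/sh
# Added example: tests the exposure conditions the article lists for CVE-2024-28085.

# version_is_fixed VERSION: succeeds when VERSION is util-linux 2.40 or later.
version_is_fixed() {
    major=${1%%.*}
    rest=${1#*.}
    if [ "$rest" = "$1" ]; then rest=0; fi          # version had no minor part
    minor=${rest%%[!0-9]*}                          # "37.2" -> 37
    case "$major" in ''|*[!0-9]*) return 2 ;; esac  # unparsable version string
    [ "$major" -gt 2 ] && return 0
    [ "$major" -eq 2 ] && [ "${minor:-0}" -ge 40 ]
}

# classify VERSION SETGID MESG: prints a verdict from the three facts.
# SETGID and MESG are the strings "yes" or "no". An unknown version is
# treated as unpatched so the result errs on the side of caution.
classify() {
    if version_is_fixed "$1"; then echo "patched"; return 0; fi
    if [ "$2" != yes ]; then echo "not-setgid"; return 0; fi
    if [ "$3" != yes ]; then echo "vulnerable-mesg-off"; return 0; fi
    echo "exposed"
}

# check_host: gathers the facts from the local system and prints one line.
check_host() {
    wall_bin=$(command -v wall) || { echo "wall not found"; return 0; }
    ver=$(wall --version 2>/dev/null </dev/null | awk '{print $NF}')
    if [ -g "$wall_bin" ]; then sgid=yes; else sgid=no; fi
    # mesg exits 0 only when the current terminal accepts messages;
    # outside a terminal it fails and is reported as "no".
    if mesg >/dev/null 2>&1; then msg=yes; else msg=no; fi
    echo "util-linux=${ver:-unknown} setgid=$sgid mesg=$msg -> $(classify "$ver" "$sgid" "$msg")"
}

check_host
```

The "mesg" result reflects only the terminal the script runs in; other users' sessions have their own setting.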

This disclosure coincides with another Linux vulnerability detailed by security researcher notselwyn. Assigned CVE-2024-1086, this vulnerability in the netfilter subsystem of the Linux kernel could lead to local privilege escalation or denial-of-service conditions. The issue has been resolved in a commit released on January 24, 2024.

Milena Dimitrova
