<!--X-Body-Begin-->
<!--X-User-Header-->
oss-sec
mailing list archives
<!--X-User-Header-End-->
<!--X-TopPNI-->
By Date
By Thread
</form>
<!--X-TopPNI-End-->
<!--X-MsgBody-->
<!--X-Subject-Header-Begin-->
Re: CVE-2024-28085: Escape sequence injection in util-linux wall
<!--X-Subject-Header-End-->
<!--X-Head-of-Message-->
From: nightmare.yeah27 () aceecat org
Date: Wed, 27 Mar 2024 13:57:12 -0700
<!--X-Head-of-Message-End-->
<!--X-Head-Body-Sep-Begin-->
<!--X-Head-Body-Sep-End-->
<!--X-Body-of-Message-->
On Wed, Mar 27, 2024 at 11:00:00AM -0400, Skyler Ferrante (RIT Student) wrote:
Wall-Escape (CVE-2024-28085)
This allows unprivileged users to put arbitrary text on other
users terminals, if mesg is set to y and wall is setgid. CentOS
is not vulnerable since wall is not setgid. On Ubuntu 22.04 and
Debian Bookworm, wall is both setgid and mesg is set to y by
default.
I wonder how this comes about? I have looked around for a bit,
but the places that seemed relevant -- mostly /etc/default/devpts
and /etc/login.defs -- seem to show it should be 0600 by default.
Something somewhere overrides these, but I can't find that
something anywhere.
--
Ian
<!--X-Body-of-Message-End-->
<!--X-MsgBody-End-->
<!--X-Follow-Ups-->
<!--X-Follow-Ups-End-->
<!--X-References-->
<!--X-References-End-->
<!--X-BotPNI-->
By Date
By Thread
Current thread:
CVE-2024-28085: Escape sequence injection in util-linux wall Skyler Ferrante (RIT Student) (Mar 27)
Re: CVE-2024-28085: Escape sequence injection in util-linux wall nightmare . yeah27 (Mar 27)
Re: CVE-2024-28085: Escape sequence injection in util-linux wall Jakub Wilk (Mar 27)
<!--X-BotPNI-End-->
<!--X-User-Footer-->
<!--X-User-Footer-End-->