Published: 27/03/2024 Updated: 07/04/2024

wall in util-linux up to and including 2.40, often installed with setgid tty permissions, allows escape sequences to be sent to other users' terminals through argv. (Specifically, escape sequences received from stdin are blocked, but escape sequences received from argv are not blocked.) There may be plausible scenarios where this leads to account takeover.

Debian Bug report logs - #1067849 util-linux: CVE-2024-28085: wall: escape sequence injection Package: src:util-linux; Maintainer for src:util-linux is util-linux packagers <util-linux@packagesdebianorg>; Reported by: Salvatore Bonaccorso <carnil@debianorg> Date: Wed, 27 Mar 2024 16:15:02 UTC Severity: grave Tags: ...

DescriptionThe MITRE CVE dictionary describes this issue as: wall in util-linux through 240, often installed with setgid tty permissions, allows escape sequences to be sent to other users' terminals through argv (Specifically, escape sequences received from stdin are blocked, but escape sequences received from argv are not blocked) There may be ...

The util-linux wall command does not filter escape sequences from command line arguments The vulnerable code was introduced in commit cdd3cc7fa4 (2013) Every version since has been vulnerable This allows unprivileged users to put arbitrary text on other users terminals, if mesg is set to y and wall is setgid CentOS is not vulnerable since wall ...

Full Disclosure mailing list archives   By Date By Thread </form>    Escape sequence injection in util-linux wall (CVE-2024-28085)   F ...

oss-sec mailing list archives   By Date By Thread </form>    CVE-2024-28085: Escape sequence injection in util-linux wall   From: "Sky ...

oss-sec mailing list archives   By Date By Thread </form>    Re: CVE-2024-28085: Escape sequence injection in util-linux wall   From: ...

oss-sec mailing list archives   By Date By Thread </form>    Re: Re: CVE-2024-28085: Escape sequence injection in util-linux wall   Fr ...

oss-sec mailing list archives   By Date By Thread </form>    Re: CVE-2024-28085: Escape sequence injection in util-linux wall   From: ...

WallEscape vulnerability in util-linux

Wall-Escape (CVE-2024-28085) The util-linux wall command does not filter escape sequences from command line arguments The vulnerable code was introduced in commit cdd3cc7fa4 (2013) Every version since has been vulnerable A full report can be found here I have nicknamed this bug "WallEscape" This exploit code was successful in leaking passwords on Ubuntu 2204 wit

Decade-old Linux ‘wall’ bug helps make fake SUDO prompts, steal passwords

BleepingComputer • Bill Toulas • 28 Mar 2024

Decade-old Linux ‘wall’ bug helps make fake SUDO prompts, steal passwords By Bill Toulas March 28, 2024 05:03 PM 0 A vulnerability in the wall command of the util-linux package that is part of the Linux operating system could allow an unprivileged attacker to steal passwords or change the victim's clipboard. Tracked as CVE-2024-28085, the security issue has been dubbed WallEscape and has been present in every version of the package for the past 11 years up to 2.40 released yes...

CVE-2024-28085

Vulnerability Summary

Vulnerability Trend

Vendor Advisories

Exploits

Mailing Lists

Github Repositories

Recent Articles

References

Vulmon Search

About

Products

Connect