April 1, 2024 at 12:30PM
Security researchers have disclosed a new vulnerability, named CVE-2024-28085 or ‘WallEscape’, affecting the ‘wall’ command in the util-linux package on Linux systems. Exploiting this flaw could potentially leak user passwords and manipulate the clipboard. This security defect impacts Ubuntu 22.04 and Debian Bookworm, with potential for account takeover, but does not affect CentOS and Red Hat products.
Key takeaways:
1. A new vulnerability, tracked as CVE-2024-28085 and named ‘WallEscape’, has been discovered in the ‘wall’ command of the util-linux core utilities package in Linux systems.
2. The security defect allows attackers to embed escape sequences into messages sent via the ‘wall’ command, potentially leaking user passwords and modifying commands under certain conditions.
3. The vulnerability impacts systems with the ‘wall’ command installed with special setgid permissions and mesg set to ‘y’, such as Ubuntu 22.04 with default configurations and Debian Bookworm.
4. The flaw was discovered by security researcher Skyler Ferrante, who provided proof-of-concept (PoC) code demonstrating the exploit. Any system on which messages can be delivered through the ‘wall’ command is affected, and the flaw may lead to account takeover scenarios.
5. The vulnerability was introduced in 2013 and affects util-linux releases prior to version 2.40, the release that contains the fix for this bug.
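As an added example (not part of the original write-up), the following read-only shell script checks the three exposure conditions the takeaways list: a util-linux older than 2.40, a setgid ‘wall’ binary, and ‘mesg’ set to ‘y’ for the current terminal. It assumes that `wall --version` prints a line of the form `wall from util-linux X.Y.Z`; the function names are my own.

```sh
#!/bin/sh
# Added example, not part of the original write-up: a read-only check for the
# three WallEscape (CVE-2024-28085) exposure conditions named in the summary.
# Assumption: `wall --version` prints "wall from util-linux X.Y.Z".

# Extract the util-linux version number from a `wall --version` line.
parse_util_linux_version() {
  printf '%s\n' "$1" | sed -n 's/.*util-linux \([0-9][0-9.]*\).*/\1/p'
}

# True (exit 0) when the version is 2.40 or newer, the release carrying the fix.
# Only the first two components matter for this comparison.
wall_version_is_fixed() {
  major=$(printf '%s' "$1" | cut -d. -f1 | sed 's/[^0-9].*//')
  minor=$(printf '%s' "$1" | cut -s -d. -f2 | sed 's/[^0-9].*//')
  [ "${major:-0}" -gt 2 ] || { [ "${major:-0}" -eq 2 ] && [ "${minor:-0}" -ge 40 ]; }
}

# True when the file carries the setgid bit. `wall` is normally setgid so it
# can write to other users' terminals; the summary lists this as a precondition.
is_setgid() {
  [ -g "$1" ]
}

# True when mesg reports that this terminal accepts messages ("is y").
# mesg needs a controlling terminal; without one it cannot answer.
mesg_is_y() {
  mesg 2>/dev/null | grep -q 'is y'
}

# Print one line per condition and return 1 only when all three are present.
wallescape_exposure_report() {
  wall_bin=$(command -v wall 2>/dev/null)
  if [ -z "$wall_bin" ]; then
    echo "wall: not installed; WallEscape does not apply"
    return 0
  fi
  ver=$(parse_util_linux_version "$("$wall_bin" --version 2>/dev/null)")
  echo "wall binary: $wall_bin (util-linux ${ver:-unknown})"

  unfixed=1
  if [ -n "$ver" ] && wall_version_is_fixed "$ver"; then
    echo "version: $ver is 2.40 or newer (fixed)"
    unfixed=0
  else
    echo "version: ${ver:-unknown} is older than 2.40 (unfixed); update util-linux"
  fi

  if is_setgid "$wall_bin"; then
    echo "setgid: set on $wall_bin (precondition present)"
    setgid=1
  else
    echo "setgid: not set on $wall_bin (precondition absent)"
    setgid=0
  fi

  if mesg_is_y; then
    echo "mesg: y (this terminal accepts messages)"
    mesgy=1
  elif [ -t 0 ]; then
    echo "mesg: n (this terminal refuses messages)"
    mesgy=0
  else
    echo "mesg: unknown (no controlling terminal); run from an interactive login"
    mesgy=0
  fi

  if [ "$unfixed" -eq 1 ] && [ "$setgid" -eq 1 ] && [ "$mesgy" -eq 1 ]; then
    echo "RESULT: all three conditions present; this terminal is exposed"
    return 1
  fi
  echo "RESULT: not all conditions present"
  return 0
}

# Run the report only when invoked with --run, so the functions can also be sourced.
if [ "${1:-}" = "--run" ]; then
  wallescape_exposure_report
fi
```

Run it from an interactive login as `sh wallescape_check.sh --run`; the mesg line is only meaningful on a terminal, so results from a cron job or CI runner will report that condition as unknown. The exit status is 1 only when the unfixed version, the setgid bit and mesg ‘y’ coincide, which makes it easy to feed into a fleet-wide inventory before rolling out the util-linux 2.40 update.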