CVE-2024-28085

moderate-risk
Published 2024-03-27

wall in util-linux through 2.40, often installed with setgid tty permissions, allows escape sequences to be sent to other users' terminals through argv. (Specifically, escape sequences received from stdin are blocked, but escape sequences received from argv are not blocked.) There may be plausible scenarios where this leads to account takeover.

Do I need to act?

!
11.2% chance of exploitation in next 30 days
EPSS score — higher than 89% of all CVEs
-
Not on CISA KEV list
No confirmed active exploitation reported to CISA
?
Patch status unknown
Check vendor advisories for fix availability and mitigation guidance
3
CVSS 3.3/10 Low
LOCAL / LOW complexity

Affected Products (2)

Util-Linux

Affected Vendors

Debian Kernel

References (31)

Exploit http://www.openwall.com/lists/oss-security/2024/03/27/5
Mailing List http://www.openwall.com/lists/oss-security/2024/03/27/6
Mailing List http://www.openwall.com/lists/oss-security/2024/03/27/7
Mailing List http://www.openwall.com/lists/oss-security/2024/03/27/8
Mailing List http://www.openwall.com/lists/oss-security/2024/03/27/9
Mailing List http://www.openwall.com/lists/oss-security/2024/03/28/1
Mailing List http://www.openwall.com/lists/oss-security/2024/03/28/2
Mailing List http://www.openwall.com/lists/oss-security/2024/03/28/3
Exploit https://github.com/skyler-ferrante/CVE-2024-28085
Broken Link https://github.com/util-linux/util-linux/security/advisories/GHSA-xv2h-c6ww-mrjq
Mailing List https://lists.debian.org/debian-lts-announce/2024/04/msg00005.html
Product https://mirrors.edge.kernel.org/pub/linux/utils/util-linux/
Exploit https://people.rit.edu/sjf5462/6831711781/wall_2_27_2024.txt
Third Party Advisory https://security.netapp.com/advisory/ntap-20240531-0003/
Mailing List https://www.openwall.com/lists/oss-security/2024/03/27/5
http://seclists.org/fulldisclosure/2024/Mar/35
Exploit http://www.openwall.com/lists/oss-security/2024/03/27/5
Mailing List http://www.openwall.com/lists/oss-security/2024/03/27/6
Mailing List http://www.openwall.com/lists/oss-security/2024/03/27/7
Mailing List http://www.openwall.com/lists/oss-security/2024/03/27/8
and 11 more references
31
/ 100
moderate-risk
Severity 13/34 · Low
Exploitability 11/34 · Low
Exposure 7/34 · Low