#TerminalSecurity

🛡 H3lium@infosec.exchange/:~# (H3liumb0y@infosec.exchange)
2024-03-28

Wall-Escape Vulnerability Analysis: Implications and Mitigation Strategies

Date: February 27, 2024
CVE: CVE-2024-28085
Vulnerability Type: [[Command Injection]]
CWE: [[CWE-77]], [[CWE-78]], [[CWE-88]]
Sources: [SANS Wall-Escape (CVE-2024-28085)](https://people.rit.edu/sjf5462/6831711781/wall_2_27_2024.txt)

Issue Summary

Wall-Escape (CVE-2024-28085) unveils a critical flaw in the wall command from the util-linux package, allowing unprivileged users to execute command-line arguments without proper escape sequence filtering. This vulnerability has existed since 2013, posing a significant risk on systems where wall is setgid and mesg is set to 'y', notably Ubuntu 22.04 and Debian Bookworm.

Technical Key findings

The flaw arises from the mishandling of command-line arguments (argv), which are not sanitized for escape sequences. This oversight enables attackers to inject arbitrary text onto terminals of other users, potentially leading to information leakage or clipboard alteration. The vulnerability is exploitable through crafted wall command executions, leveraging system features to extract sensitive information such as user passwords.

Vulnerable products

  • All versions of util-linux since 2013
  • Specifically impactful on:
    • Ubuntu 22.04
    • Debian Bookworm

Impact assessment

Successful exploitation can lead to unauthorized information disclosure and manipulation of terminal sessions. On Ubuntu 22.04, attackers can deceive users into revealing passwords. The vulnerability also enables clipboard content alteration on certain terminal emulators.

Patches or workaround

No specific patches were mentioned for CVE-2024-28085. Users are advised to restrict access to the wall command and monitor systems for unusual terminal behavior indicative of exploitation attempts.

Tags

#CVE-2024-28085 #CommandInjection #Ubuntu #Debian #InformationDisclosure #util-linux #TerminalSecurity
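
The post above attributes the flaw to argv text reaching other users' terminals without escape-sequence filtering. As an added example (not code from the post or from util-linux), this C program rewrites control bytes in argv into visible text before printing. The function name `neutralize_for_tty` and the `\xHH` output form are assumptions, and overlong UTF-8 forms are not validated.

```c
#include <stdio.h>
#include <string.h>

/* Hypothetical helper, not util-linux code: copy `in` to `out`, rewriting
 * every byte a terminal could treat as control input into visible "\xHH".
 * Returns the number of rewritten characters, or -1 if `out` is too small. */
int neutralize_for_tty(const char *in, char *out, size_t outsz)
{
    size_t o = 0;
    int rewritten = 0, cont = 0; /* cont: UTF-8 continuation bytes expected */

    if (outsz == 0)
        return -1;
    for (const unsigned char *p = (const unsigned char *)in; *p; p++) {
        char tmp[8];
        int n, safe;

        if (cont > 0 && (*p & 0xc0) == 0x80) {          /* inside a UTF-8 char */
            cont--; safe = 1;
        } else if (*p == 0xc2 && p[1] >= 0x80 && p[1] <= 0x9f) {
            p++; cont = 0; safe = 0;                    /* UTF-8 encoded C1 control */
        } else if (*p >= 0xc2 && *p <= 0xf4) {          /* UTF-8 lead byte */
            cont = *p >= 0xf0 ? 3 : *p >= 0xe0 ? 2 : 1; safe = 1;
        } else {                                        /* ASCII or stray high byte */
            cont = 0;
            safe = (*p >= 0x20 && *p < 0x7f) || *p == '\n' || *p == '\t';
        }
        if (safe) {
            tmp[0] = (char)*p; n = 1;
        } else {
            n = snprintf(tmp, sizeof tmp, "\\x%02x", (unsigned)*p);
            rewritten++;
        }
        if (o + (size_t)n >= outsz)
            return -1;
        memcpy(out + o, tmp, (size_t)n);
        o += (size_t)n;
    }
    out[o] = '\0';
    return rewritten;
}

int main(int argc, char **argv)
{
    char line[1024];
    for (int i = 1; i < argc; i++)   /* argv is the untrusted input here */
        if (neutralize_for_tty(argv[i], line, sizeof line) >= 0)
            printf("%s%c", line, i + 1 < argc ? ' ' : '\n');
    return 0;
}
```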

Hack In Days of Futur Past (allainyann@piaille.fr)
2023-09-20

Insightful talk: join David Leadbeater at @defcon 31 for 'Terminally Owned,' where he delves into 60 years of ASCII history and the enduring relevance of escape characters. Discover vulnerabilities in modern terminals, showcasing how some age-old techniques remain effective for remote code execution. #DEFCON31 #TerminalSecurity youtube.com/watch?v=Y4A7KMQEmf
