Logo
vulnerabilityCVE-2024-28085
Name
CVE-2024-28085
Source
NVD ( link)Debian ( link)
Description
wall in util-linux through 2.40, often installed with setgid tty permissions, allows escape sequences to be sent to other users' terminals through argv. (Specifically, escape sequences received from stdin are blocked, but escape sequences received from argv are not blocked.) There may be plausible scenarios where this leads to account takeover.
CWEs
CWE-150
Published Date
Updated Date
Workaround
-
Advisories
http://www.openwall.com/lists/oss-security/2024/03/27/5Exploit
http://www.openwall.com/lists/oss-security/2024/03/27/6Mailing List
http://www.openwall.com/lists/oss-security/2024/03/27/7Mailing List
http://www.openwall.com/lists/oss-security/2024/03/27/8Mailing List
http://www.openwall.com/lists/oss-security/2024/03/27/9Mailing List
http://www.openwall.com/lists/oss-security/2024/03/28/1Mailing List
http://www.openwall.com/lists/oss-security/2024/03/28/2Mailing List
http://www.openwall.com/lists/oss-security/2024/03/28/3Mailing List
https://github.com/skyler-ferrante/CVE-2024-28085Exploit
https://github.com/util-linux/util-linux/security/advisories/GHSA-xv2h-c6ww-mrjqBroken Link
https://lists.debian.org/debian-lts-announce/2024/04/msg00005.htmlMailing List
https://mirrors.edge.kernel.org/pub/linux/utils/util-linux/Product
https://people.rit.edu/sjf5462/6831711781/wall_2_27_2024.txtExploit
https://security.netapp.com/advisory/ntap-20240531-0003/Third Party Advisory
https://www.openwall.com/lists/oss-security/2024/03/27/5Mailing List
http://www.openwall.com/lists/oss-security/2024/03/27/5Exploit
http://www.openwall.com/lists/oss-security/2024/03/27/6Mailing List
http://www.openwall.com/lists/oss-security/2024/03/27/7Mailing List
http://www.openwall.com/lists/oss-security/2024/03/27/8Mailing List
http://www.openwall.com/lists/oss-security/2024/03/27/9Mailing List
http://www.openwall.com/lists/oss-security/2024/03/28/1Mailing List
http://www.openwall.com/lists/oss-security/2024/03/28/2Mailing List
http://www.openwall.com/lists/oss-security/2024/03/28/3Mailing List
https://github.com/skyler-ferrante/CVE-2024-28085Exploit
https://github.com/util-linux/util-linux/security/advisories/GHSA-xv2h-c6ww-mrjqBroken Link
https://lists.debian.org/debian-lts-announce/2024/04/msg00005.htmlMailing List
https://mirrors.edge.kernel.org/pub/linux/utils/util-linux/Product
https://people.rit.edu/sjf5462/6831711781/wall_2_27_2024.txtExploit
https://security.netapp.com/advisory/ntap-20240531-0003/Third Party Advisory
https://www.openwall.com/lists/oss-security/2024/03/27/5Mailing List

Analysis#

Affected Component
Analysis
util-linux
Patched

Vulnerability Ratings#

3.3
CVSSv31
NaN
other

Others affected components#

Name
Project
Project Version
Version
Status
util-linux
buildroot
2025.02.x
2.40.2
Not Affected
util-linux-libs
buildroot
2025.02.x
2.40.2
Not Affected
util-linux
buildroot
master
2.41.5
Not Affected
util-linux-libs
buildroot
master
2.41.5
Not Affected
util-linux
openwrt
master
2.42.2-r1
Not Affected
util-linux
openwrt
openwrt-25.12
2.41.5-r1
Not Affected
util-linux
yocto
master
2.41.3
Not Affected
util-linux
yocto
scarthgap
2.39.3
Patched

Resolved with patches#

util-linux (yocto:kirkstone)

#
Title
Author
Resolve
1
wall: convert homebrew buffering to open_memstream()
наб <nabijaczleweli@nabijaczleweli.xyz>
CVE-2024-28085
2
wall: fix calloc cal [-Werror=calloc-transposed-args]
Karel Zak <kzak@redhat.com>
CVE-2024-28085
3
wall: use fputs_careful()
наб <nabijaczleweli@nabijaczleweli.xyz>
CVE-2024-28085
4
wall: fix escape sequence Injection [CVE-2024-28085]
Karel Zak <kzak@redhat.com>
CVE-2024-28085
5
write: correctly handle wide characters
наб <nabijaczleweli@nabijaczleweli.xyz>
CVE-2024-28085

util-linux (yocto:scarthgap)

#
Title
Author
Resolve
1
wall: fix escape sequence Injection [CVE-2024-28085]
Karel Zak <kzak@redhat.com>
CVE-2024-28085
2
wall: fix calloc cal [-Werror=calloc-transposed-args]
Karel Zak <kzak@redhat.com>
CVE-2024-28085