oss-sec mailing list archives
Re: CVE-2024-28085: Escape sequence injection in util-linux wall
From: nightmare.yeah27 () aceecat org
Date: Wed, 27 Mar 2024 13:57:12 -0700
On Wed, Mar 27, 2024 at 11:00:00AM -0400, Skyler Ferrante (RIT Student) wrote:
Wall-Escape (CVE-2024-28085)
This allows unprivileged users to put arbitrary text on other users terminals, if mesg is set to y and wall is setgid. CentOS is not vulnerable since wall is not setgid. On Ubuntu 22.04 and Debian Bookworm, wall is both setgid and mesg is set to y by default.
I wonder how this comes about? I have looked around for a bit, but the places that seemed relevant -- mostly /etc/default/devpts and /etc/login.defs -- seem to show it should be 0600 by default. Something somewhere overrides these, but I can't find that something anywhere. -- Ian
Current thread:
- CVE-2024-28085: Escape sequence injection in util-linux wall Skyler Ferrante (RIT Student) (Mar 27)
- Re: CVE-2024-28085: Escape sequence injection in util-linux wall nightmare . yeah27 (Mar 27)
- Re: Re: CVE-2024-28085: Escape sequence injection in util-linux wall Jakub Wilk (Mar 28)
- Re: CVE-2024-28085: Escape sequence injection in util-linux wall Jakub Wilk (Mar 27)
- Re: CVE-2024-28085: Escape sequence injection in util-linux wall Demi Marie Obenour (Mar 27)
- Re: CVE-2024-28085: Escape sequence injection in util-linux wall Solar Designer (Mar 27)
- Re: CVE-2024-28085: Escape sequence injection in util-linux wall Karel Zak (Mar 28)
- Re: CVE-2024-28085: Escape sequence injection in util-linux wall Alexander E. Patrakov (Mar 28)
- Re: CVE-2024-28085: Escape sequence injection in util-linux wall Demi Marie Obenour (Mar 27)
- Re: CVE-2024-28085: Escape sequence injection in util-linux wall nightmare . yeah27 (Mar 27)