Many versions of Linux may be vulnerable to a flaw that could allow hackers to steal passwords or change the contents of their clipboard.
However, the vulnerability comes with an important caveat, making exploitation somewhat unlikely (or at least very limited).
Cybersecurity researcher Skyler Ferrante recently discovered a vulnerability for “improper neutralization of wall escape sequences,” a flaw that affects the “wall” command. This command is usually used to broadcast messages to the terminals of all users logged into the same system.
WallEscape
Because escape sequences are not properly filtered when processing input via command-line arguments, a threat actor could theoretically launch a prompt to all connected users and have them type their administrative password. Escape sequences can also be used to modify a target user’s clipboard, although this method may not work with all terminal emulators.
The vulnerability is traced as CVE-2024-28085 and is called WallEscape. It was fixed in Linux version 2.40, released in March 2024, but that means it has been present in Linux versions for the past 11 years.
While a proof-of-concept (PoC) for the vulnerability exists and a practical application could occur, several factors must first be aligned. For example, the attacker must have physical access to a Linux server, to which several other potential victims are already connected via the terminal. If you’re still worried about your Linux server being targeted, there is a solution. Linux has released an upgrade to linux-utils v.2.40, which fixes the vulnerability.
Typically, these updates are available through the Linux distribution’s standard update channel, so keep an eye out for them. Additionally, system administrators can resolve the issue by removing the setgid permission from the “wall” command, or by disabling message broadcasting functionality by using the “mesg” command to set the flag to “n”. to make.
Through BleepingComputer