WallEscape Linux Vulnerability Affects Ubuntu and Debian, Leaks Passwords

Brandon Lee
A new vulnerability, tracked as CVE-2024-28085 and named "WallEscape", has been found in the 'wall' command of the util-linux package. The flaw is that 'wall' does not filter terminal escape sequences out of the message text passed to it on the command line.

Because the input is not filtered, an attacker can embed escape sequences in a message broadcast through the 'wall' command. Under certain conditions this can expose other users' passwords or alter how commands behave. Security analyst Skyler Ferrante uncovered the flaw. It affects users of Ubuntu 22.04 and Debian Bookworm; CentOS and Red Hat are not affected.

Ferrante said that on Ubuntu 22.04 with the system's default setup, it is possible to reveal a user's password. One sign of such an attack is a user being shown an incorrect-password prompt even though they typed their password correctly: in that case the password was instead recorded in the shell's command history.

The flaw can also be used to reveal or modify commands. Ferrante pointed out that on Ubuntu 22.04 it can alter command output and abuse the handling of nonexistent commands. It can additionally change the clipboard contents on some systems; this affects Windows Terminal but not GNOME Terminal.

Ferrante provided proof-of-concept (PoC) code and warned that this vulnerability could target any scenario requiring password input. This would include OpenSSH sessions.
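The root cause described above is that message text reaches other users' terminals with terminal escape sequences intact. The following Python example is added here as an illustration and is not code from the article, from Ferrante, or from util-linux. It shows the defensive counterpart: a sanitizer that strips CSI, OSC and other ESC-initiated sequences, plus raw control bytes, from a message before it is broadcast, and a helper that flags messages containing such sequences so a wrapper or log monitor can detect them. The sample messages are constructed for the example; `check_wall_setgid` reads the mode of the `wall` binary and assumes that `wall` is installed setgid so it can write to other users' terminals, an assumption not stated in the article.

```python
import os
import re
import stat

# Terminal escape sequences that a sanitized broadcast message should not carry.
# Alternatives are tried in order, so complete CSI and OSC sequences are matched
# before the shorter generic ESC forms.
_ESCAPE_RE = re.compile(
    r"\x1b\[[0-?]*[ -/]*[@-~]"              # CSI: ESC [ params intermediates final, e.g. ESC[2J
    r"|\x1b\][^\x07\x1b]*(?:\x07|\x1b\\)"   # OSC: ESC ] ... BEL or ESC \, e.g. clipboard writes
    r"|\x1b[@-_]"                            # two-byte Fe sequences (ESC followed by 0x40-0x5f)
    r"|\x1b[ -/]*[0-~]"                      # other ESC + intermediate bytes + final byte
)

# Raw C0/C1 control bytes. Tab (0x09) and newline (0x0a) are kept so a
# multi-line message still renders as the sender intended.
_CONTROL_RE = re.compile(r"[\x00-\x08\x0b-\x1f\x7f-\x9f]")


def sanitize_wall_message(text: str) -> str:
    """Return the message with escape sequences and stray control bytes removed."""
    without_sequences = _ESCAPE_RE.sub("", text)
    return _CONTROL_RE.sub("", without_sequences)


def contains_escape_sequences(text: str) -> bool:
    """True if the message would be changed by sanitization, i.e. it carries
    escape sequences or control bytes a terminal would interpret."""
    return sanitize_wall_message(text) != text


def check_wall_setgid(path: str = "/usr/bin/wall") -> bool:
    """Report whether the wall binary at `path` has the setgid bit set.

    Assumption (not from the article): wall is normally installed setgid so an
    unprivileged user can write to other users' terminals; a binary without the
    bit cannot reach other users' terminals at all.
    """
    mode = os.stat(path).st_mode
    return bool(mode & stat.S_ISGID)


if __name__ == "__main__":
    # Constructed sample: a benign notice with a screen-clear CSI sequence and an
    # OSC 52 clipboard-write sequence spliced in, plus a bare BEL byte.
    sample = "maintenance at 22:00\x1b[2J\x1b]52;c;cGFzc3dvcmQ=\x07 done\x07"
    print("suspicious:", contains_escape_sequences(sample))
    print("sanitized :", repr(sanitize_wall_message(sample)))
    try:
        print("wall setgid:", check_wall_setgid())
    except FileNotFoundError:
        print("wall binary not found at default path")
```

A wrapper around `wall` would call `sanitize_wall_message` on the text before invoking the real binary, and a monitoring job can use `contains_escape_sequences` on messages it observes to raise an alert rather than silently dropping them.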

The NIST NVD advisory notes that this flaw could enable account takeovers. Introduced in 2013, the vulnerability affects all util-linux versions before 2.40; version 2.40 includes the fix.


01/04/2024