Some Linux distributions could have user passwords exposed and clipboards taken over in attacks exploiting an improper escape sequence neutralization vulnerability impacting the util-linux package's "wall" command, tracked as CVE-2024-28085, reports The Hacker News.
Potential intrusions, which could affect Debian Bookworm and Ubuntu 22.04, involve luring users into establishing a phony sudo prompt and providing their credentials, according to security researcher Skyler Ferrante. However, the exploitation of the security issue, also known as WallEscape, would only be successful if the mesg utility is enabled and if the wall command requires setgid permissions.
"On Ubuntu 22.04, we have enough control to leak a user's password by default. The only indication of attack to the user will be an incorrect password prompt when they correctly type their password, along with their password being in their command history," Ferrante said.
An immediate update to util-linux version 2.40 has been recommended.
