Network Security, Identity, Vulnerability Management

Significant compromise likely with exploitation of new Linux vulnerability

Closeup of a mobile phone screen with logo lettering of linux on computer keyboard

Some Linux distributions could have user passwords exposed and clipboards taken over in attacks exploiting an improper escape sequence neutralization vulnerability impacting the util-linux package's "wall" command, tracked as CVE-2024-28085, reports The Hacker News.

Potential intrusions, which could affect Debian Bookworm and Ubuntu 22.04, involve luring users into establishing a phony sudo prompt and providing their credentials, according to security researcher Skyler Ferrante. However, the exploitation of the security issue, also known as WallEscape, would only be successful if the mesg utility is enabled and if the wall command requires setgid permissions.

"On Ubuntu 22.04, we have enough control to leak a user's password by default. The only indication of attack to the user will be an incorrect password prompt when they correctly type their password, along with their password being in their command history," Ferrante said.

An immediate update to util-linux version 2.40 has been recommended.

Get daily email updates

SC Media's daily must-read of the most current and pressing daily news

By clicking the Subscribe button below, you agree to SC Media Terms and Conditions and Privacy Policy.