Linux Vulnerability Alert: WallEscape Exposes Passwords in Ubuntu & Debian

Breaking News: Linux’s ‘wall’ command has a chink in its armor! CVE-2024-28085, dubbed WallEscape, could leak your secrets faster than a gossip in a small town. Update or risk your password becoming everyone’s password! #LinuxLeakLaugh

Hot Take:

Psst, Linux users! You might want to check your wall, not for graffiti, but for a sneaky vulnerability that could turn your terminal into a leaky faucet for passwords. And here you thought your Linux fortress was impregnable! CVE-2024-28085, a.k.a. “WallEscape,” is like the digital equivalent of someone slipping a whoopee cushion on your server chair. Make sure your “wall” isn’t set to broadcast more than you bargained for!

Key Points:

  • The “wall” command in the util-linux package has a vulnerability, codenamed WallEscape (CVE-2024-28085), that could allow bad actors to trick users into leaking passwords.
  • Escape sequences aren’t properly filtered out, enabling unprivileged users to display arbitrary text on other users’ terminals.
  • The flaw affects systems where the “mesg” utility is enabled and the “wall” command has setgid permissions, like Ubuntu 22.04 and Debian Bookworm.
  • CentOS dodges the bullet, as its “wall” command isn’t setgid.
  • Users should update to util-linux version 2.40 to fortify their digital defenses against this trickster.
Cve id: CVE-2024-28085
Cve state: PUBLISHED
Cve assigner short name: mitre
Cve date updated: 03/27/2024
Cve description: wall in util-linux through 2.40, often installed with setgid tty permissions, allows escape sequences to be sent to other users' terminals through argv. (Specifically, escape sequences received from stdin are blocked, but escape sequences received from argv are not blocked.) There may be plausible scenarios where this leads to account takeover.

Title: Use-after-free in Linux kernel's netfilter: nf_tables component
Cve id: CVE-2024-1086
Cve state: PUBLISHED
Cve assigner short name: Google
Cve date updated: 01/31/2024
Cve description: A use-after-free vulnerability in the Linux kernel's netfilter: nf_tables component can be exploited to achieve local privilege escalation. The nft_verdict_init() function allows positive values as drop error within the hook verdict, and hence the nf_hook_slow() function can cause a double free vulnerability when NF_DROP is issued with a drop error which resembles NF_ACCEPT. We recommend upgrading past commit f342de4e2f33e0e39165d8639387aa6c19dff660.

Need to know more?

Breaking Down the Wall

Let's talk about the "wall" command, the digital megaphone of the Linux world. It's like the town crier of your system, announcing important messages to all logged-in users. But what happens when this trusty herald starts whispering secrets it shouldn't? Enter CVE-2024-28085, a vulnerability that could turn the "wall" into a peephole for ne'er-do-wells to peep your passwords.

Sneaky Sequences and Clipboard Capers

Imagine you're typing away at your terminal, and suddenly, a wild SUDO prompt appears! You enter your password, and whoops – it's a fake! That's the kind of chicanery CVE-2024-28085 could enable. It's like a digital ventriloquist throwing its voice to make your terminal lie to you. And for the clipboard aficionados, watch out! Your copy-paste habits might just serve up your secrets on a silver platter if you're using certain terminals.

Checking Your Linux List Twice

So, how do you know if you're hosting this unwelcome guest? If you're cozying up with Ubuntu 22.04 or Debian Bookworm, it's time to play it safe and update to util-linux version 2.40. And if you're a CentOS loyalist, congratulations! Your "wall" is more like a bouncer, keeping the riff-raff out since it's not setgid.

The Patch Parade

It's not all doom and gloom, folks. Our cybersecurity heroes are on the case, patching up holes faster than a cat on a hot tin roof. If you're diligent with updates and keep your "mesg" utility in check, you can keep your terminal chit-chat between you and your intended audience.

Another Bug Bites the Dust

While we're on the subject of vulnerabilities, let's not forget CVE-2024-1086, a pesky use-after-free bug in the Linux kernel's netfilter subsystem. It's like that one guest who overstays their welcome and then breaks your favorite vase on the way out. Thankfully, a commit on January 24, 2024, has shown it the door. So, update your systems, and let's keep our digital homes tidy and secure!

Tags: CVE-2024-28085, escape sequences, Linux terminal security, Linux vulnerabilities, netfilter subsystem, privilege escalation, util-linux package