The vulnerability of the util-linux package on Linux operating systems allows a hacker to gain unauthorized access to passwords or modify the user’s swap space.

The vulnerability of the util-linux package on Linux operating systems is related to the improper assignment of privileges. Exploiting this vulnerability can allow an attacker, working remotely, to gain unauthorized access to passwords or modify the user’s swap file by using the wall command with...

K000139140: util-linux vulnerability CVE-2024-28085

Security Advisory Description wall in util-linux through 2.40, often installed with setgid tty permissions, allows escape sequences to be sent to other users' terminals through argv. Specifically, escape sequences received from stdin are blocked, but escape sequences received from argv are not...

Debian: Security Advisory (DSA-5650-1)

The remote host is missing an update for the Debian SPDX-FileCopyrightText: 2024 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

CVE-2024-28085

...

[SECURITY] [DSA 5650-1] util-linux security update

------------------------------------------------------------------------- Debian Security Advisory DSA-5650-1 [email protected] https://www.debian.org/security/ Salvatore Bonaccorso March 31, 2024 https://www.debian.org/security/faq -...

DSA-5650-1 util-linux - security update

Bulletin has no description...

New Linux Bug Could Lead to User Password Leaks and Clipboard Hijacking

Details have emerged about a vulnerability impacting the "wall" command of the util-linux package that could be potentially exploited by a bad actor to leak a user's password or alter the clipboard on certain Linux distributions. The bug, tracked as CVE-2024-28085, has been codenamed WallEscape b...

Slackware: Security Advisory (SSA:2024-088-02)

The remote host is missing an update for the SPDX-FileCopyrightText: 2024 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

Slackware Linux 15.0 / current util-linux Vulnerability (SSA:2024-088-02)

The version of util-linux installed on the remote host is prior to 2.37.4 / 2.40. It is, therefore, affected by a vulnerability as referenced in the SSA:2024-088-02 advisory. - wall in util-linux through 2.40, often installed with setgid tty permissions, allows escape sequences to be sent to othe...

[slackware-security] util-linux

New util-linux packages are available for Slackware 15.0 and -current to fix a security issue. Here are the details from the Slackware 15.0 ChangeLog: patches/packages/util-linux-2.37.4-i586-3slack15.0.txz: Rebuilt. This release fixes a vulnerability where the wall command did not filter escape...

util-linux wall Escape Sequence Injection

Wall-Escape CVE-2024-28085 Skyler Ferrante: Escape sequence injection in util-linux wall ================================================================= Summary ================================================================= The util-linux wall command does not filter escape sequences from...

Ubuntu: Security Advisory (USN-6719-1)

The remote host is missing an update for the SPDX-FileCopyrightText: 2024 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

AZL-37134 CVE-2024-28085 affecting package util-linux for versions less than 2.39.2-2

wall in util-linux through 2.40, often installed with setgid tty permissions, allows escape sequences to be sent to other users' terminals through argv. Specifically, escape sequences received from stdin are blocked, but escape sequences received from argv are not blocked. There may be plausible...

CVE-2024-28085

wall in util-linux through 2.40, often installed with setgid tty permissions, allows escape sequences to be sent to other users' terminals through argv. Specifically, escape sequences received from stdin are blocked, but escape sequences received from argv are not blocked. There may be plausible...

DEBIAN-CVE-2024-28085

wall in util-linux through 2.40, often installed with setgid tty permissions, allows escape sequences to be sent to other users' terminals through argv. Specifically, escape sequences received from stdin are blocked, but escape sequences received from argv are not blocked. There may be plausible...

AZL-37146 CVE-2024-28085 affecting package util-linux for versions less than 2.37.4-9

wall in util-linux through 2.40, often installed with setgid tty permissions, allows escape sequences to be sent to other users' terminals through argv. Specifically, escape sequences received from stdin are blocked, but escape sequences received from argv are not blocked. There may be plausible...

ALPINE-CVE-2024-28085

wall in util-linux through 2.40, often installed with setgid tty permissions, allows escape sequences to be sent to other users' terminals through argv. Specifically, escape sequences received from stdin are blocked, but escape sequences received from argv are not blocked. There may be plausible...

USN-6719-1: util-linux vulnerability

Skyler Ferrante discovered that the util-linux wall command did not filter escape sequences from command line arguments. A local attacker could possibly use this issue to obtain sensitive information...

USN-6719-1 util-linux vulnerability

Skyler Ferrante discovered that the util-linux wall command did not filter escape sequences from command line arguments. A local attacker could possibly use this issue to obtain sensitive information...

CVE-2024-28085

wall in util-linux through 2.40, often installed with setgid tty permissions, allows escape sequences to be sent to other users' terminals through argv. Specifically, escape sequences received from stdin are blocked, but escape sequences received from argv are not blocked. There may be plausible...