ClickCease WallEscape Vulnerability Leaks User Passwords in Linux

Join Our Popular Newsletter

Join 4,500+ Linux & Open Source Professionals!

2x a month. No spam.

WallEscape Vulnerability Leaks User Passwords in Linux

by Rohan Timalsina

April 10, 2024 - TuxCare expert team

A vulnerability has been identified in the wall command-line utility in Linux, which could allow an attacker to steal user passwords or modify the clipboard on the victim’s system. Dubbed “WallEscape” and officially tracked as CVE-2024-28085, the vulnerability resides in the wall command within the util-linux package, present in Linux distributions for over a decade, up until the recent release of version 2.40. Skyler Ferrante, who discovered this flaw, describes it as an “improper neutralization of escape sequences in wall command”.

 

WallEscape Vulnerability Details

 

Ferrante mentioned that the util-linux ‘wall’ command lacks escape sequence filtering from command line arguments. If mesg is set to ‘y’ and wall is setgid, unprivileged users could inject arbitrary text onto other users’ terminals. Linux distributions, such as CentOS, RHEL, and Fedora remain unaffected since wall isn’t setgid. However, Ubuntu 22.04 and Debian 12 “Bookworm” are vulnerable as wall is both setgid and mesg defaults to ‘y’.

The WallEscape vulnerability poses a significant risk on Ubuntu 22.04 as a user’s password can be leaked by default. The sole indication of an attack for the user would be an incorrect password prompt upon entering their correct password, alongside the password appearing in their command history.

Ferrante also outlined potential attack scenarios, including the creation of counterfeit SUDO prompts within the Gnome terminal to trick users into entering sensitive information. This involves manipulating terminal settings via the ‘wall’ command to simulate authentic prompts, with subsequent password retrieval from command arguments.

Additionally, on systems permitting wall messages, attackers might modify a victim’s clipboard. This tactic proves effective on windows-terminal but not on gnome-terminal.

 

Mitigation Measures

 

Mitigation strategies involve updating to util-linux v2.40 or promptly removing setgid permissions from the ‘wall’ command. Alternatively, administrators can disable message broadcasting by running the mesg n command in the terminal. While the severity of WallEscape is limited by its dependency on local access and specific system configurations, users are urged to remain vigilant and apply necessary patches or mitigations as advised.

The sources for this article include a story from BleepingComputer.

Summary
WallEscape Vulnerability Leaks User Passwords
Article Name
WallEscape Vulnerability Leaks User Passwords
Description
Discover the WallEscape vulnerability (CVE-2024-28085) in Linux's 'wall' command, posing risks of password theft and clipboard hijacking.
Author
Publisher Name
TuxCare
Publisher Logo

Looking to automate vulnerability patching without kernel reboots, system downtime, or scheduled maintenance windows?

Become a TuxCare Guest Writer

Mail

Help Us Understand
the Linux Landscape!

Complete our survey on the state of Open Source and you could win one of several prizes, with the top prize valued at $500!

Your expertise is needed to shape the future of Enterprise Linux!