CVE-2024-28085

wall in util-linux through 2.40, often installed with setgid tty permissions, allows escape sequences to be sent to other users' terminals through argv. (Specifically, escape sequences received from stdin are blocked, but escape sequences received from argv are not blocked.) There may be plausible scenarios where this leads to account takeover.
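
| Provider | Type | Base Score | Atk. Vector | Atk. Complexity | Priv. Required | Vector |
|---|---|---|---|---|---|---|
| NIST | NIST | 3.3 LOW | LOCAL | LOW | LOW | CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N |
| mitre | CNA | --- | --- | --- | --- | --- |
| CVE | ADP | --- | --- | --- | --- | --- |
| CISA-ADP | ADP | 3.3 LOW | LOCAL | LOW | LOW | CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N |
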
EPSS Score percentile: 92%

| Vendor | Product | Version |
|---|---|---|
| kernel | util-linux | 2.24 ≤ 𝑥 < 2.39.4 |
| debian | debian_linux | 10.0 |

𝑥 = Vulnerable software versions

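Debian Releases

| Product | Codename | Version | Status |
|---|---|---|---|
| util-linux | bullseye (security) | 2.36.1-8+deb11u2 | fixed |
| util-linux | bullseye | 2.36.1-8+deb11u2 | fixed |
| util-linux | bookworm | 2.38.1-5+deb12u3 | fixed |
| util-linux | bookworm (security) | 2.38.1-5+deb12u1 | fixed |
| util-linux | sid | 2.41-5 | fixed |
| util-linux | trixie | 2.41-5 | fixed |
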
Ubuntu Releases

| Product | Codename | Fixed version | Status |
|---|---|---|---|
| util-linux | plucky | 2.39.3-9ubuntu6 | released |
| util-linux | oracular | 2.39.3-9ubuntu6 | released |
| util-linux | noble | 2.39.3-9ubuntu6 | released |
| util-linux | mantic | 2.39.1-4ubuntu2.1 | released |
| util-linux | jammy | 2.37.2-4ubuntu3.3 | released |
| util-linux | focal | 2.34-0.1ubuntu9.5 | released |
| util-linux | bionic | | needs-triage |
| util-linux | xenial | | needs-triage |
| util-linux | trusty | | needs-triage |

References