Uncovering the Linux Glitch That Puts Your Passwords at Risk – Learn How to Protect Yourself

    A‌ flaw has been identified in the wall command of the util-linux package used in the Linux operating system, which can allow a non-privileged attacker to steal passwords or ‌manipulate the ⁢victim’s clipboard. This security issue, referred to as CVE-2024-28085, has been present ‌for the past 11 years ​and was only recently addressed in the ​latest release, version 2.40. Although this vulnerability is a prime example of how an attacker can deceive a user‍ into revealing their administrator password, it is‍ only exploitable in certain⁢ circumstances. ‌The attacker must have⁣ access to a Linux server where multiple users are connected ‌through‌ the terminal, such as a college ​or organization.‌ The ‍vulnerability was⁤ discovered by security researcher Skyler Ferrante ⁢and is caused by improper handling of escape sequences in the wall command.

    Exploiting WallEscape requires the exploitation of the ‘wall’ command, often used in Linux systems to send messages to all connected users on⁣ a server or system. Due to⁣ improper filtering of escape sequences​ in⁣ command line arguments, an attacker with unprivileged access can use escape control characters to manipulate the victim’s terminal and prompt them for their administrator password.

    However, this can only be achieved if the “mesg” utility is active and⁢ the wall command has setgid permissions,⁤ which were found in the Ubuntu 22.04 LTS and Debian 12.5 Linux ​distributions but not​ in CentOS. To demonstrate the potential impact ⁣of this vulnerability, Ferrante‍ provides a proof-of-concept exploit ⁢code and‌ outlines different exploitation‌ scenarios. For ‍example, an⁤ attacker could create a fake SUDO prompt in the Gnome ⁤terminal and​ use the wall command to manipulate the user’s input, making it ⁤appear as ‍a legitimate request​ for their password.

    Another attack ⁣involves changing the‌ clipboard of the targeted user by sending escape sequences through the wall command. While this method may not work on all ‍terminal emulators, such as ‌Gnome, it is still a viable option for attackers.

    It is important to note that exploiting WallEscape requires local‌ access, either physically or through⁣ remote access ​via SSH, limiting its impact. However, for organizations or institutions ‌with⁤ multi-user settings, this vulnerability can pose a significant risk, as an attacker could‍ target unprivileged users on the same⁢ system as the victim.

    To patch this vulnerability, ⁣users are advised to update to the latest version of the linux-utils package. Alternatively, system administrators can disable the message broadcast⁢ functionality ‍or remove the setgid permissions from the wall command for​ immediate mitigation.

    Latest articles

    Related articles

    Leave a reply

    Please enter your comment!
    Please enter your name here