[Forgot Password]
Login  Register Subscribe

30479

 
 

423868

 
 

250770

 
 

909

 
 

196157

 
 

282

 
Paid content will be excluded from the download.


Download | Alert*
CVE
view JSON

CVE-2024-28085Date: (C)2024-03-29   (M)2024-05-16


wall in util-linux through 2.40, often installed with setgid tty permissions, allows escape sequences to be sent to other users' terminals through argv. (Specifically, escape sequences received from stdin are blocked, but escape sequences received from argv are not blocked.) There may be plausible scenarios where this leads to account takeover.

CVSS Score and Metrics +CVSS Score and Metrics -

CVSS V3 Severity:CVSS V2 Severity:
CVSS Score : 8.4CVSS Score :
Exploit Score: Exploit Score:
Impact Score: Impact Score:
 
CVSS V3 Metrics:CVSS V2 Metrics:
Attack Vector: Access Vector:
Attack Complexity: Access Complexity:
Privileges Required: Authentication:
User Interaction: Confidentiality:
Scope: Integrity:
Confidentiality: Availability:
Integrity:  
Availability:  
  
Reference:
https://lists.debian.org/debian-lts-announce/2024/04/msg00005.html
https://github.com/skyler-ferrante/CVE-2024-28085
https://github.com/util-linux/util-linux/security/advisories/GHSA-xv2h-c6ww-mrjq
https://mirrors.edge.kernel.org/pub/linux/utils/util-linux/
https://people.rit.edu/sjf5462/6831711781/wall_2_27_2024.txt
https://www.openwall.com/lists/oss-security/2024/03/27/5

OVAL    11
oval:org.secpod.oval:def:89051709
oval:org.secpod.oval:def:613032
oval:org.secpod.oval:def:89051735
oval:org.secpod.oval:def:99567
...
XCCDF    1

© SecPod Technologies