An ancient Linux flaw might be opening up users to dangerous cyberattacks

News
By Sead Fadilpašić
published

Hackers can easily trick you into giving away your password

Close up of the Linux penguin.
(Image credit: Linux)

Many versions of Linux may be vulnerable to a flaw that allowed hackers to steal passwords, or change the contents of their clipboard.

The vulnerability, however, comes with a major caveat that makes exploitations somewhat unlikely (or at least heavily limited).

Cybersecurity researcher Skyler Ferrante recently discovered an “improper neutralization of escape sequences in wall” vulnerability, a flaw impacting the “wall” command. This command is usually used to broadcast messages to the terminals of all users logged to the same system.

WallEscape

With escape sequences not being properly filtered when processing input through command line arguments, a threat actor could, theoretically, launch a prompt to all connected users and have them type in their administrator password. Escape sequences could also be used to change the clipboard of a target user, although this method may not work with all terminal emulators.

The vulnerability is tracked as CVE-2024-28085, and dubbed WallEscape. It was fixed in Linux version 2.40, released in March 2024, but that means it has been present in Linux versions for the past 11 years.

While a proof-of-concept (PoC) for the vulnerability exists, and a practical application could occur, multiple factors need to align, first. For example, the attacker needs to have physical access to a Linux server, to which multiple other potential victims are already connected through the terminal. If you’re still worried about your Linux server being targeted, there is a solution. Linux released an upgrade to linux-utils v.2.40, which patches the vulnerability. 

Usually, these updates are available through the LInux distribution’s standard update channel, so keep an eye out. Furthermore, system administrators can fix the issue by removing the setgid permission from the “wall” command, or by disabling the message broadcast functionality using the “mesg” command to set its flag to “n”.

Via BleepingComputer

More from TechRadar Pro

Sead Fadilpašić

Sead is a seasoned freelance journalist based in Sarajevo, Bosnia and Herzegovina. He writes about IT (cloud, IoT, 5G, VPN) and cybersecurity (ransomware, data breaches, laws and regulations). In his career, spanning more than a decade, he’s written for numerous media outlets, including Al Jazeera Balkans. He’s also held several modules on content writing for Represent Communications.