Ubuntu Security Notice USN-6719-1
Ubuntu Security Notice 6719-1 - Skyler Ferrante discovered that the util-linux wall command did not filter escape sequences from command line arguments. A local attacker could possibly use this issue to obtain sensitive information.
==========================================================================
Ubuntu Security Notice USN-6719-1
March 27, 2024
util-linux vulnerability
A security issue affects these releases of Ubuntu and its derivatives:
- Ubuntu 23.10
- Ubuntu 22.04 LTS
- Ubuntu 20.04 LTS
Summary:
util-linux could be made to expose sensitive information.
Software Description:
- util-linux: miscellaneous system utilities
Details:
Skyler Ferrante discovered that the util-linux wall command did not filter
escape sequences from command line arguments. A local attacker could
possibly use this issue to obtain sensitive information.
Update instructions:
The problem can be corrected by updating your system to the following
package versions:
Ubuntu 23.10:
util-linux 2.39.1-4ubuntu2.1
Ubuntu 22.04 LTS:
util-linux 2.37.2-4ubuntu3.3
Ubuntu 20.04 LTS:
util-linux 2.34-0.1ubuntu9.5
In general, a standard system update will make all the necessary changes.
References:
https://ubuntu.com/security/notices/USN-6719-1
CVE-2024-28085
Package Information:
https://launchpad.net/ubuntu/+source/util-linux/2.39.1-4ubuntu2.1
https://launchpad.net/ubuntu/+source/util-linux/2.37.2-4ubuntu3.3
https://launchpad.net/ubuntu/+source/util-linux/2.34-0.1ubuntu9.5
Related news
Ubuntu Security Notice 6719-2 - USN-6719-1 fixed a vulnerability in util-linux. Unfortunately, it was discovered that the fix did not fully address the issue. This update removes the setgid permission bit from the wall and write utilities. Skyler Ferrante discovered that the util-linux wall command did not filter escape sequences from command line arguments. A local attacker could possibly use this issue to obtain sensitive information.
Debian Linux Security Advisory 5650-1 - Skyler Ferrante discovered that the wall tool from util-linux does not properly handle escape sequences from command line arguments. A local attacker can take advantage of this flaw for information disclosure.
The util-linux wall command does not filter escape sequences from command line arguments. The vulnerable code was introduced in commit cdd3cc7fa4 (2013). Every version since has been vulnerable. This allows unprivileged users to put arbitrary text on other users' terminals if mesg is set to y and wall is setgid. CentOS is not vulnerable since wall is not setgid. On Ubuntu 22.04 and Debian Bookworm, wall is setgid and mesg is set to y by default.
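The two preconditions named above (wall is setgid, mesg is set to y) can be checked locally. The following is an added example, not part of the advisory or of util-linux. The function names and the directory parameters are assumptions of this sketch, with defaults set to the usual Ubuntu locations.

```shell
#!/bin/sh
# Added example: local exposure check for the two conditions named above.
# Directory arguments are an assumption of this sketch so the logic can be
# run against constructed files; defaults are the usual Ubuntu locations.

# Print which of wall/write in directory $1 carry the set-group-ID bit.
# (USN-6719-2 removes that bit from both utilities.)
setgid_tools() {
    bindir=${1:-/usr/bin}
    for tool in wall write; do
        # [ -g FILE ] is true only if FILE exists and is setgid.
        if [ -g "$bindir/$tool" ]; then
            printf '%s\n' "$tool"
        fi
    done
}

# Print terminals in directory $1 that are group-writable. "mesg y" works by
# setting the group-write bit on the user's tty, so these accept messages.
open_ttys() {
    ttydir=${1:-/dev/pts}
    # ptmx is the pty multiplexer, not a user terminal.
    find "$ttydir" -mindepth 1 -maxdepth 1 ! -name ptmx -perm -020 2>/dev/null | sort
}

# Succeed (exit 0) when setgid wall is present and at least one terminal
# accepts messages, i.e. both conditions hold on this host.
wall_exposed() {
    setgid_tools "$1" | grep -qx wall || return 1
    [ -n "$(open_ttys "$2")" ]
}

if wall_exposed /usr/bin /dev/pts; then
    echo "wall is setgid and message-accepting terminals exist: apply the update"
else
    echo "at least one of the two conditions is absent on this host"
fi
```

A host that still reports wall or write as setgid after updating has not yet received the follow-up change described in USN-6719-2.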