CVE-2024-28085

Public on 2024-03-27
Modified on 2024-03-28
Description
wall in util-linux through 2.40, often installed with setgid tty permissions, allows escape sequences to be sent to other users' terminals through argv. (Specifically, escape sequences received from stdin are blocked, but escape sequences received from argv are not blocked.) There may be plausible scenarios where this leads to account takeover.
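The point of the description is that text arriving through argv needs the same terminal-safe filtering as text read from stdin before it is written to another user's tty. The C sketch below is an added example, not util-linux code or the upstream fix; `sanitize_for_tty` and `build_broadcast` are hypothetical names, and the all-octal escaping is a deliberately conservative assumption.

```c
#include <stdio.h>
#include <string.h>

/* Hypothetical helper, not util-linux code. Copies src to dst; printable
 * ASCII, '\n' and '\t' pass through, every other byte (ESC, DEL, C1 controls,
 * any byte >= 0x80) is written as inert \ooo octal text.
 * Returns the length written, or (size_t)-1 if dst is too small. */
size_t sanitize_for_tty(const char *src, char *dst, size_t dstlen)
{
    size_t o = 0, n;
    char buf[4];
    if (dstlen == 0) return (size_t)-1;
    for (const unsigned char *p = (const unsigned char *)src; *p; p++) {
        if (*p == '\n' || *p == '\t' || (*p >= 0x20 && *p < 0x7f)) {
            buf[0] = (char)*p; n = 1;
        } else {
            buf[0] = '\\'; buf[1] = (char)('0' + (*p >> 6));
            buf[2] = (char)('0' + ((*p >> 3) & 7));
            buf[3] = (char)('0' + (*p & 7)); n = 4;
        }
        if (o + n >= dstlen) return (size_t)-1;   /* keep room for the NUL */
        memcpy(dst + o, buf, n);
        o += n;
    }
    dst[o] = '\0';
    return o;
}

/* Join argv[1..] with spaces, filtering each argument exactly as stdin
 * text would be filtered, so neither input path reaches the tty raw. */
size_t build_broadcast(int argc, char **argv, char *dst, size_t dstlen)
{
    size_t o = 0;
    if (dstlen == 0) return (size_t)-1;
    dst[0] = '\0';
    for (int i = 1; i < argc; i++) {
        if (i > 1 && o + 1 >= dstlen) return (size_t)-1;
        if (i > 1) dst[o++] = ' ';
        size_t n = sanitize_for_tty(argv[i], dst + o, dstlen - o);
        if (n == (size_t)-1) return (size_t)-1;
        o += n;
    }
    return o;
}

int main(void)
{
    char *args[] = {"wall", "hi\033[2J", "there"};  /* constructed input */
    char out[64];
    if (build_broadcast(3, args, out, sizeof out) != (size_t)-1) puts(out);
    return 0;
}
```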
Severity
Medium severity
CVSS v3 Base Score
5.6

Affected Packages

| Platform | Package | Release Date | Advisory | Status |
|---|---|---|---|---|
| Amazon Linux 1 | util-linux | | | Not Affected |
| Amazon Linux 2 - Core | util-linux | | | Not Affected |
| Amazon Linux 2023 | util-linux | | | Pending Fix |

CVSS Scores

| | Score Type | Score | Vector |
|---|---|---|---|
| Amazon Linux | CVSSv3 | 5.6 | CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:L/I:H/A:N |