TROYANOSYVIRUS
Volver a CVEs

CVE-2024-28085

LOW
3.3

Descripcion

wall in util-linux through 2.40, often installed with setgid tty permissions, allows escape sequences to be sent to other users' terminals through argv. (Specifically, escape sequences received from stdin are blocked, but escape sequences received from argv are not blocked.) There may be plausible scenarios where this leads to account takeover.

Detalles CVE

Puntuacion CVSS v3.13.3
SeveridadLOW
Vector CVSSCVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N
Vector de ataqueLOCAL
ComplejidadLOW
Privilegios requeridosLOW
Interaccion usuarioNONE
Publicado3/27/2024
Ultima modificacion11/4/2025
Fuentenvd
Avistamientos honeypot0

Productos afectados

debian:debian_linuxkernel:util-linux

Debilidades (CWE)

CWE-150

Referencias

http://www.openwall.com/lists/oss-security/2024/03/27/5(cve@mitre.org)
http://www.openwall.com/lists/oss-security/2024/03/27/6(cve@mitre.org)
http://www.openwall.com/lists/oss-security/2024/03/27/7(cve@mitre.org)
http://www.openwall.com/lists/oss-security/2024/03/27/8(cve@mitre.org)
http://www.openwall.com/lists/oss-security/2024/03/27/9(cve@mitre.org)
http://www.openwall.com/lists/oss-security/2024/03/28/1(cve@mitre.org)
http://www.openwall.com/lists/oss-security/2024/03/28/2(cve@mitre.org)
http://www.openwall.com/lists/oss-security/2024/03/28/3(cve@mitre.org)
https://github.com/skyler-ferrante/CVE-2024-28085(cve@mitre.org)
https://github.com/util-linux/util-linux/security/advisories/GHSA-xv2h-c6ww-mrjq(cve@mitre.org)
https://lists.debian.org/debian-lts-announce/2024/04/msg00005.html(cve@mitre.org)
https://mirrors.edge.kernel.org/pub/linux/utils/util-linux/(cve@mitre.org)
https://people.rit.edu/sjf5462/6831711781/wall_2_27_2024.txt(cve@mitre.org)
https://security.netapp.com/advisory/ntap-20240531-0003/(cve@mitre.org)
https://www.openwall.com/lists/oss-security/2024/03/27/5(cve@mitre.org)
http://seclists.org/fulldisclosure/2024/Mar/35(af854a3a-2127-422b-91ae-364da2661108)
http://www.openwall.com/lists/oss-security/2024/03/27/5(af854a3a-2127-422b-91ae-364da2661108)
http://www.openwall.com/lists/oss-security/2024/03/27/6(af854a3a-2127-422b-91ae-364da2661108)
http://www.openwall.com/lists/oss-security/2024/03/27/7(af854a3a-2127-422b-91ae-364da2661108)
http://www.openwall.com/lists/oss-security/2024/03/27/8(af854a3a-2127-422b-91ae-364da2661108)
http://www.openwall.com/lists/oss-security/2024/03/27/9(af854a3a-2127-422b-91ae-364da2661108)
http://www.openwall.com/lists/oss-security/2024/03/28/1(af854a3a-2127-422b-91ae-364da2661108)
http://www.openwall.com/lists/oss-security/2024/03/28/2(af854a3a-2127-422b-91ae-364da2661108)
http://www.openwall.com/lists/oss-security/2024/03/28/3(af854a3a-2127-422b-91ae-364da2661108)
https://github.com/skyler-ferrante/CVE-2024-28085(af854a3a-2127-422b-91ae-364da2661108)
https://github.com/util-linux/util-linux/security/advisories/GHSA-xv2h-c6ww-mrjq(af854a3a-2127-422b-91ae-364da2661108)
https://lists.debian.org/debian-lts-announce/2024/04/msg00005.html(af854a3a-2127-422b-91ae-364da2661108)
https://mirrors.edge.kernel.org/pub/linux/utils/util-linux/(af854a3a-2127-422b-91ae-364da2661108)
https://people.rit.edu/sjf5462/6831711781/wall_2_27_2024.txt(af854a3a-2127-422b-91ae-364da2661108)
https://security.netapp.com/advisory/ntap-20240531-0003/(af854a3a-2127-422b-91ae-364da2661108)
https://www.openwall.com/lists/oss-security/2024/03/27/5(af854a3a-2127-422b-91ae-364da2661108)

Correlaciones IOC

Sin correlaciones registradas

This product uses data from the NVD API but is not endorsed or certified by the NVD.