New Linux flaw: 'Wall' vulnerability poses security risk
A cybersecurity researcher has discovered a serious vulnerability in some versions of Linux that could allow hackers to access users' passwords or even modify the contents of their clipboard.
Here's What We Know
The vulnerability, known as CVE-2024-28085 or WallEscape, affects the "wall" command, which is used to broadcast messages to the terminals of all users online in the system.
The flaw was patched in Linux 2.40 in March 2024, but has been present in Linux versions for the past 11 years. A hacker can take advantage of and exploit the escape sequence neutralisation flaw to force users to enter their administrator password or modify their clipboard.
To avoid the risks, system administrators recommend fixing the vulnerability by upgrading to Linux 2.40 or removing the setgid permission from the "wall" command. It is also possible to disable the message broadcasting feature with the "mesg" command to reduce the threat.
Source: TechRadar