Longstanding Linux Bug Poses Risk: How to Protect Yourself from “WallEscape”

03.04.24

Threat Intelligence Alerts

A recently discovered vulnerability in the Linux operating system has security experts urging users to act. Dubbed “WallEscape” (CVE-2024-28085), this flaw could potentially allow unauthorised individuals to gain access to your system and steal sensitive information, including passwords.

The “WallEscape” vulnerability has been present in a common Linux package called “util-linux” for over a decade. It affects the “wall” command, which is often used to broadcast messages to all users on a system. The issue lies in how the command handles special characters known as “escape sequences.” An attacker could exploit this weakness to create fake prompts that look like official system requests, tricking unsuspecting users into entering their passwords.

While the “WallEscape” exploit requires some specific conditions, the risk is significant in multi-user environments such as corporate or university servers. An attacker with access to such a system could potentially steal passwords, manipulate data on the clipboard, and gain further control within the network.

The good news is that you can take steps to protect yourself from this vulnerability:

The “WallEscape” vulnerability is a sobering reminder that even widely used software can harbor hidden flaws. Staying informed about the latest security updates and applying them promptly is crucial in protecting your systems. If you manage a Linux environment, review your configurations and consider the protection measures outlined above.

For technical details and more specific mitigation advice, you can refer to the following resources:

https://www.bleepingcomputer.com/news/security/decade-old-linux-wall-bug-helps-make-fake-sudo-prompts-steal-passwords

https://github.com/skyler-ferrante/CVE-2024-28085