CVE-2024-28085

  1. OpenCVE
  2. Vulnerabilities (CVE)
  3. CVE-2024-28085
wall in util-linux through 2.40, often installed with setgid tty permissions, allows escape sequences to be sent to other users' terminals through argv. (Specifically, escape sequences received from stdin are blocked, but escape sequences received from argv are not blocked.) There may be plausible scenarios where this leads to account takeover.
CVSS

No CVSS.

References
Link Resource
http://www.openwall.com/lists/oss-security/2024/03/27/5 Exploit Mailing List Third Party Advisory
http://www.openwall.com/lists/oss-security/2024/03/27/5 Exploit Mailing List Third Party Advisory
http://www.openwall.com/lists/oss-security/2024/03/27/6 Mailing List Third Party Advisory
http://www.openwall.com/lists/oss-security/2024/03/27/6 Mailing List Third Party Advisory
http://www.openwall.com/lists/oss-security/2024/03/27/7 Mailing List Patch Third Party Advisory
http://www.openwall.com/lists/oss-security/2024/03/27/7 Mailing List Patch Third Party Advisory
http://www.openwall.com/lists/oss-security/2024/03/27/8 Mailing List Patch Third Party Advisory
http://www.openwall.com/lists/oss-security/2024/03/27/8 Mailing List Patch Third Party Advisory
http://www.openwall.com/lists/oss-security/2024/03/27/9 Mailing List Patch Third Party Advisory
http://www.openwall.com/lists/oss-security/2024/03/27/9 Mailing List Patch Third Party Advisory
http://www.openwall.com/lists/oss-security/2024/03/28/1 Mailing List Patch Third Party Advisory
http://www.openwall.com/lists/oss-security/2024/03/28/1 Mailing List Patch Third Party Advisory
http://www.openwall.com/lists/oss-security/2024/03/28/2 Mailing List Third Party Advisory
http://www.openwall.com/lists/oss-security/2024/03/28/2 Mailing List Third Party Advisory
http://www.openwall.com/lists/oss-security/2024/03/28/3 Mailing List Patch Third Party Advisory
http://www.openwall.com/lists/oss-security/2024/03/28/3 Mailing List Patch Third Party Advisory
https://github.com/skyler-ferrante/CVE-2024-28085 Exploit Third Party Advisory
https://github.com/skyler-ferrante/CVE-2024-28085 Exploit Third Party Advisory
https://github.com/util-linux/util-linux/security/advisories/GHSA-xv2h-c6ww-mrjq Broken Link
https://github.com/util-linux/util-linux/security/advisories/GHSA-xv2h-c6ww-mrjq Broken Link
https://lists.debian.org/debian-lts-announce/2024/04/msg00005.html Mailing List Third Party Advisory
https://lists.debian.org/debian-lts-announce/2024/04/msg00005.html Mailing List Third Party Advisory
https://mirrors.edge.kernel.org/pub/linux/utils/util-linux/ Product
https://mirrors.edge.kernel.org/pub/linux/utils/util-linux/ Product
https://people.rit.edu/sjf5462/6831711781/wall_2_27_2024.txt Exploit Third Party Advisory
https://people.rit.edu/sjf5462/6831711781/wall_2_27_2024.txt Exploit Third Party Advisory
https://security.netapp.com/advisory/ntap-20240531-0003/ Third Party Advisory
https://security.netapp.com/advisory/ntap-20240531-0003/ Third Party Advisory
https://www.openwall.com/lists/oss-security/2024/03/27/5 Mailing List Third Party Advisory
https://www.openwall.com/lists/oss-security/2024/03/27/5 Mailing List Third Party Advisory
Configurations

Configuration 1 (hide)

cpe:2.3:a:kernel:util-linux:*:*:*:*:*:*:*:*

Configuration 2 (hide)

cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*
History

20 Mar 2025, 17:58

Type Values Removed Values Added
CPE cpe:2.3:a:kernel:util-linux:*:*:*:*:*:*:*:*
cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*
References () http://www.openwall.com/lists/oss-security/2024/03/27/6 - () http://www.openwall.com/lists/oss-security/2024/03/27/6 - Mailing List, Third Party Advisory
References () http://www.openwall.com/lists/oss-security/2024/03/28/3 - () http://www.openwall.com/lists/oss-security/2024/03/28/3 - Mailing List, Patch, Third Party Advisory
References () http://www.openwall.com/lists/oss-security/2024/03/27/8 - () http://www.openwall.com/lists/oss-security/2024/03/27/8 - Mailing List, Patch, Third Party Advisory
References () https://github.com/util-linux/util-linux/security/advisories/GHSA-xv2h-c6ww-mrjq - () https://github.com/util-linux/util-linux/security/advisories/GHSA-xv2h-c6ww-mrjq - Broken Link
References () https://github.com/skyler-ferrante/CVE-2024-28085 - () https://github.com/skyler-ferrante/CVE-2024-28085 - Exploit, Third Party Advisory
References () http://www.openwall.com/lists/oss-security/2024/03/27/9 - () http://www.openwall.com/lists/oss-security/2024/03/27/9 - Mailing List, Patch, Third Party Advisory
References () https://lists.debian.org/debian-lts-announce/2024/04/msg00005.html - () https://lists.debian.org/debian-lts-announce/2024/04/msg00005.html - Mailing List, Third Party Advisory
References () http://www.openwall.com/lists/oss-security/2024/03/28/2 - () http://www.openwall.com/lists/oss-security/2024/03/28/2 - Mailing List, Third Party Advisory
References () https://mirrors.edge.kernel.org/pub/linux/utils/util-linux/ - () https://mirrors.edge.kernel.org/pub/linux/utils/util-linux/ - Product
References () https://people.rit.edu/sjf5462/6831711781/wall_2_27_2024.txt - () https://people.rit.edu/sjf5462/6831711781/wall_2_27_2024.txt - Exploit, Third Party Advisory
References () http://www.openwall.com/lists/oss-security/2024/03/28/1 - () http://www.openwall.com/lists/oss-security/2024/03/28/1 - Mailing List, Patch, Third Party Advisory
References () https://www.openwall.com/lists/oss-security/2024/03/27/5 - () https://www.openwall.com/lists/oss-security/2024/03/27/5 - Mailing List, Third Party Advisory
References () http://www.openwall.com/lists/oss-security/2024/03/27/7 - () http://www.openwall.com/lists/oss-security/2024/03/27/7 - Mailing List, Patch, Third Party Advisory
References () https://security.netapp.com/advisory/ntap-20240531-0003/ - () https://security.netapp.com/advisory/ntap-20240531-0003/ - Third Party Advisory
References () http://www.openwall.com/lists/oss-security/2024/03/27/5 - () http://www.openwall.com/lists/oss-security/2024/03/27/5 - Exploit, Mailing List, Third Party Advisory
First Time Debian debian Linux
Kernel util-linux
Kernel
Debian

10 Jun 2024, 17:16

Type Values Removed Values Added
References
  • () https://security.netapp.com/advisory/ntap-20240531-0003/ -

01 May 2024, 18:15

Type Values Removed Values Added
References
  • () http://www.openwall.com/lists/oss-security/2024/03/27/5 -
  • () http://www.openwall.com/lists/oss-security/2024/03/28/2 -
  • () http://www.openwall.com/lists/oss-security/2024/03/28/3 -
  • () http://www.openwall.com/lists/oss-security/2024/03/27/7 -
  • () http://www.openwall.com/lists/oss-security/2024/03/27/8 -

01 May 2024, 17:15

Type Values Removed Values Added
References
  • () http://www.openwall.com/lists/oss-security/2024/03/28/1 -
  • () http://www.openwall.com/lists/oss-security/2024/03/27/9 -
  • () http://www.openwall.com/lists/oss-security/2024/03/27/6 -

07 Apr 2024, 12:15

Type Values Removed Values Added
References
  • () https://lists.debian.org/debian-lts-announce/2024/04/msg00005.html -

27 Mar 2024, 19:15

Type Values Removed Values Added
New CVE
Information

Published : 2024-03-27 19:15

Updated : 2025-03-20 17:58

NVD link : CVE-2024-28085

Mitre link : CVE-2024-28085

JSON object : View

Products Affected

debian

  • debian_linux

kernel

  • util-linux
CWE

No CWE.