cve/CVE-2024-28085.md at c052d0d6949679697108fa931a00cd4220694869

admin/cve

mirror of https://github.com/0xMarcio/cve.git synced 2025-05-31 10:40:54 +00:00

0xMarcio 6100550298 Update CVE sources 2024-06-22 09:37

2024-06-22 09:37:59 +00:00

Description

wall in util-linux through 2.40, often installed with setgid tty permissions, allows escape sequences to be sent to other users' terminals through argv. (Specifically, escape sequences received from stdin are blocked, but escape sequences received from argv are not blocked.) There may be plausible scenarios where this leads to account takeover.

POC

Reference

http://www.openwall.com/lists/oss-security/2024/03/27/5
https://people.rit.edu/sjf5462/6831711781/wall_2_27_2024.txt
https://www.openwall.com/lists/oss-security/2024/03/27/5

Github

https://github.com/giterlizzi/secdb-feeds
https://github.com/kherrick/lobsters
https://github.com/nomi-sec/PoC-in-GitHub
https://github.com/skyler-ferrante/CVE-2024-28085
https://github.com/testing-felickz/docker-scout-demo

1.1 KiB Raw Blame History

CVE-2024-28085

Description

POC

Reference

Github

1.1 KiB

Raw Blame History