ALT-PU-2025-12239-2 — util-linux

BDU:2024-02517

HIGH8.4

Уязвимость пакета util-linux операционной системы Linux, позволяющая нарушителю получить несанкционированный доступ к паролям или изменить буфер обмена пользователя

Published: 2024-04-02Modified: 2026-04-15

CVSS 3.xHIGH 8.4

CVSS:3.x/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:N

CVSS 2.0MEDIUM 6.2

CVSS:2.0/AV:L/AC:L/Au:S/C:C/I:C/A:N

References

CVE-2024-28085

CVE-2024-28085

LOW3.3

wall in util-linux through 2.40, often installed with setgid tty permissions, allows escape sequences to be sent to other users' terminals through argv. (Specifically, escape sequences received from stdin are blocked, but escape sequences received from argv are not blocked.) There may be plausible scenarios where this leads to account takeover.

Published: 2024-03-27Modified: 2025-11-04

CVSS 3.xLOW 3.3

CVSS:3.x/CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N

References

http://www.openwall.com/lists/oss-security/2024/03/27/5
http://www.openwall.com/lists/oss-security/2024/03/27/6
http://www.openwall.com/lists/oss-security/2024/03/27/7
http://www.openwall.com/lists/oss-security/2024/03/27/8
http://www.openwall.com/lists/oss-security/2024/03/27/9
http://www.openwall.com/lists/oss-security/2024/03/28/1
http://www.openwall.com/lists/oss-security/2024/03/28/2
http://www.openwall.com/lists/oss-security/2024/03/28/3
https://github.com/skyler-ferrante/CVE-2024-28085
https://github.com/util-linux/util-linux/security/advisories/GHSA-xv2h-c6ww-mrjq
https://lists.debian.org/debian-lts-announce/2024/04/msg00005.html
https://mirrors.edge.kernel.org/pub/linux/utils/util-linux/
https://people.rit.edu/sjf5462/6831711781/wall_2_27_2024.txt
https://security.netapp.com/advisory/ntap-20240531-0003/
https://www.openwall.com/lists/oss-security/2024/03/27/5
http://seclists.org/fulldisclosure/2024/Mar/35
http://www.openwall.com/lists/oss-security/2024/03/27/5
http://www.openwall.com/lists/oss-security/2024/03/27/6
http://www.openwall.com/lists/oss-security/2024/03/27/7
http://www.openwall.com/lists/oss-security/2024/03/27/8
http://www.openwall.com/lists/oss-security/2024/03/27/9
http://www.openwall.com/lists/oss-security/2024/03/28/1
http://www.openwall.com/lists/oss-security/2024/03/28/2
http://www.openwall.com/lists/oss-security/2024/03/28/3
https://github.com/skyler-ferrante/CVE-2024-28085
https://github.com/util-linux/util-linux/security/advisories/GHSA-xv2h-c6ww-mrjq
https://lists.debian.org/debian-lts-announce/2024/04/msg00005.html
https://mirrors.edge.kernel.org/pub/linux/utils/util-linux/
https://people.rit.edu/sjf5462/6831711781/wall_2_27_2024.txt
https://security.netapp.com/advisory/ntap-20240531-0003/
https://www.openwall.com/lists/oss-security/2024/03/27/5

Package update util-linux in branch c10f2

Closed issues (2)

Уязвимость пакета util-linux операционной системы Linux, позволяющая нарушителю получить несанкционированный доступ к паролям или изменить буфер обмена пользователя