Ubuntu Security Notice 6719-2 - USN-6719-1 fixed a vulnerability in util-linux. Unfortunately, it was discovered that the fix did not fully address the issue. This update removes the setgid permission bit from the wall and write utilities. Skyler Ferrante discovered that the util-linux wall command did not filter escape sequences from command line arguments. A local attacker could possibly use this issue to obtain sensitive information.
ecc9ce4c4b883659f1ca7166c8fbbec41ccb6264494ba71cb4e9a807cd993345
Debian Linux Security Advisory 5650-1 - Skyler Ferrante discovered that the wall tool from util-linux does not properly handle escape sequences from command line arguments. A local attacker can take advantage of this flaw for information disclosure.
acb20eaeeef15a8c4f1e97df956cc1d8fb6948afdd1dffef8425a53e111489a3
Ubuntu Security Notice 6719-1 - Skyler Ferrante discovered that the util-linux wall command did not filter escape sequences from command line arguments. A local attacker could possibly use this issue to obtain sensitive information.
ca6568bf9c3d47e1fa51be307d45564e306e622e9860f212c34d8a91f5a5e9de
The util-linux wall command does not filter escape sequences from command line arguments. The vulnerable code was introduced in commit cdd3cc7fa4 (2013). Every version since has been vulnerable. This allows unprivileged users to put arbitrary text on other users terminals, if mesg is set to y and wall is setgid. CentOS is not vulnerable since wall is not setgid. On Ubuntu 22.04 and Debian Bookworm, wall is both setgid and mesg is set to y by default.
c3644f61b4f68f9fafd4782ffb69bd4b73d2b6ff8ac981711c3329c0a8408077