CVSS3
Attack Vector: LOCAL
Attack Complexity: LOW
Privileges Required: LOW
User Interaction: NONE
Scope: UNCHANGED
Confidentiality Impact: NONE
Integrity Impact: LOW
Availability Impact: NONE
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N
AI Score
Confidence: Low
EPSS
Percentile: 17.1%
util-linux is vulnerable to escape sequence injection. Escape sequences supplied through argv are allowed to be sent to other users' terminals. The risk is greatest where util-linux is installed with setgid tty permissions, as it often is, and can potentially lead to account takeover scenarios.
www.openwall.com/lists/oss-security/2024/03/27/5
www.openwall.com/lists/oss-security/2024/03/27/6
www.openwall.com/lists/oss-security/2024/03/27/7
www.openwall.com/lists/oss-security/2024/03/27/8
www.openwall.com/lists/oss-security/2024/03/27/9
www.openwall.com/lists/oss-security/2024/03/28/1
www.openwall.com/lists/oss-security/2024/03/28/2
www.openwall.com/lists/oss-security/2024/03/28/3
github.com/skyler-ferrante/CVE-2024-28085
github.com/util-linux/util-linux/security/advisories/GHSA-xv2h-c6ww-mrjq
lists.debian.org/debian-lts-announce/2024/04/msg00005.html
mirrors.edge.kernel.org/pub/linux/utils/util-linux/
people.rit.edu/sjf5462/6831711781/wall_2_27_2024.txt
security-tracker.debian.org/tracker/CVE-2024-28085
security.netapp.com/advisory/ntap-20240531-0003/