I just saw this advisory
Escape sequence injection in util-linux wall (CVE-2024-28085)
https://seclists.org/fulldisclosure/2024/Mar/35
where they're talking about grabbing other users sudo password.
Apparently the root of the security issue is that wall is a setguid program?
Even more fun is the instructions
To make sure the PoC will work, make sure your victim user can
actually receive messages. First check that mesg is set to y
(`mesg y`). If a user does not have mesg turned on, they are not
exploitable.
WTF?? I've never heard of a mesg, but
$ which mesg
/usr/bin/mesg
So. There is a program called 'mesg', hrmmm..
man mesg
...
Traditionally, write access is allowed by default. However, as users
become more conscious of various security risks, there is a trend to
remove write access by default, at least for the primary login shell.
To make sure your ttys are set the way you want them to be set, mesg
should be executed in your login scripts.
oof. Are there instructions somewhere on how to make Debian secure by default?
Thanks,
Lee
