mirror of
https://git.yoctoproject.org/poky
synced 2026-05-02 09:32:14 +02:00
wall in util-linux through 2.40, often installed with setgid tty permissions, allows escape sequences to be sent to other users' terminals through argv. (Specifically, escape sequences received from stdin are blocked, but escape sequences received from argv are not blocked.) There may be plausible scenarios where this leads to account takeover.

CVE-2024-28085-0005 is the CVE fix and CVE-2024-28085-0001, CVE-2024-28085-0002, CVE-2024-28085-0003, CVE-2024-28085-0004 are dependent commits to fix the CVE.

References:
https://nvd.nist.gov/vuln/detail/CVE-2024-28085

(From OE-Core rev: 28d9f948536dfee2330e4cfd225c932d20d688f1)

Signed-off-by: Soumya Sambu <soumya.sambu@windriver.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
35 lines
1017 B
Diff
From 404b0781f52f7c045ca811b2dceec526408ac253 Mon Sep 17 00:00:00 2001
From: Karel Zak <kzak@redhat.com>
Date: Thu, 21 Mar 2024 11:16:20 +0100
Subject: [PATCH] wall: fix escape sequence Injection [CVE-2024-28085]
Let's use for all cases the same output function.
Reported-by: Skyler Ferrante <sjf5462@rit.edu>
Signed-off-by: Karel Zak <kzak@redhat.com>
CVE: CVE-2024-28085
Upstream-Status: Backport [https://github.com/util-linux/util-linux/commit/404b0781f52f7c045ca811b2dceec526408ac253]
Signed-off-by: Soumya Sambu <soumya.sambu@windriver.com>
---
term-utils/wall.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/term-utils/wall.c b/term-utils/wall.c
index 85c006a..0212c03 100644
--- a/term-utils/wall.c
+++ b/term-utils/wall.c
@@ -328,7 +328,7 @@ static char *makemsg(char *fname, char **mvec, int mvecsz,
int i;
for (i = 0; i < mvecsz; i++) {
- fputs(mvec[i], fs);
+ fputs_careful(mvec[i], fs, '^', true, TERM_WIDTH);
if (i < mvecsz - 1)
fputc(' ', fs);
}
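Review bot: the patch header does not record that the `fputs_careful(mvec[i], fs, '^', true, TERM_WIDTH)` call on the `+` line depends on earlier backports. Nothing in this one-line change defines or alters that function, so the five-argument form with the `true` and `TERM_WIDTH` parameters only builds and filters as intended once CVE-2024-28085-0001 through -0004 are applied; note that ordering requirement next to the `Upstream-Status` line and keep the patches in numeric order in the recipe. The separator is still written by a separate `fputc(' ', fs)` after each call, so confirm that the width handling in `fputs_careful` behaves as intended when it is invoked once per argv element rather than once per output line. The diffstat shows only term-utils/wall.c changed; a regression test that passes an escape byte in argv and checks it does not reach the output unmodified would keep the argv path from bypassing the filter again.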
--
2.40.0