"Decade-Old Linux 'Wall' Bug Helps Make Fake Sudo Prompts, Steal Passwords"

According to security researcher Skyler Ferrante, a vulnerability dubbed "WallEscape" in the wall command of the util-linux package included with the Linux operating system could enable an unprivileged attacker to steal passwords or change the victim's clipboard. The security flaw has been present in all versions of the package for the past 11 years up to the recent 2.40 release. While the vulnerability demonstrates how an attacker can trick a user into giving up their administrator password, its exploitation is limited. An attacker must have access to a Linux server that already has multiple users connected simultaneously through the terminal. This article continues to discuss findings regarding the decade-old Linux vulnerability.

Bleeping Computer reports "Decade-Old Linux 'Wall' Bug Helps Make Fake Sudo Prompts, Steal Passwords"

Submitted by grigby1

Submitted by Gregory Rigby on