Hello, On Wed, Mar 27, 2024 at 05:30:50PM -0400, Lee wrote: > I just saw this advisory > Escape sequence injection in util-linux wall (CVE-2024-28085) > https://seclists.org/fulldisclosure/2024/Mar/35 > where they're talking about grabbing other users sudo password.
I note that "write" and "wall" in Debian had setgid removed after this. https://salsa.debian.org/debian/util-linux/-/commit/c4be137b4b09a855713c1f4d052dfee773c4ad3b https://metadata.ftp-master.debian.org/changelogs//main/u/util-linux/util-linux_2.39.3-11_changelog Thanks, Andy -- https://bitfolk.com/ -- No-nonsense VPS hosting