Linux WallEscape Critical Error: Your Passwords Are at Risk

Did you know that a security flaw nastier than an end-level boss has been lurking in the depths of our beloved Linux for over a decade? And careful, we're not talking about a common bug that crashes your favorite distro, no, no. This nasty thing, dubbed "WallEscape" by Skyler Ferrante, a somewhat crazy security researcher (we'll get to that later), lets a smart guy steal your precious admin password, no less!

It all starts with a harmless command called "wall", which ships in the util-linux package. Its modest job is to send messages to all users logged in to the same machine. So far, nothing terrible.

Except that one fine day, or rather one bad day in 2013, a slightly confused commit crept into wall's code like a hair in the soup. Since then, this black sheep has quietly spread across every version of util-linux, like an undetected computer virus.

But what's so terrible about this commit? Well, to put it simply, the developer who wrote it forgot to properly filter the famous "escape sequences" out of the command-line arguments. The result: a crafty little artisan can now cheerfully inject a whole bunch of control characters and do some rather unholy things on your terminal.
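The missing step, written out as an added example (this is not util-linux's code): a filter that makes every terminal control character visible before a message is broadcast, which is what wall should have applied to its command-line argument. The sample message below is constructed for the demonstration.

```python
import re

# Constructed sample: a broadcast message carrying terminal controls
# (clear-screen CSI, an OSC title change ending in BEL, a DEL), the kind
# of bytes that wall's argument path passed straight through before the fix.
SAMPLE_MESSAGE = "\x1b[2J\x1b]0;hello\x07maintenance at 18:00\x7f\n"

# C0 controls except tab and newline, plus DEL and the C1 range (0x9B is
# an 8-bit CSI on UTF-8 terminals). Tab and newline are ordinary
# whitespace in a broadcast and are left alone.
_CONTROL = re.compile(r"[\x00-\x08\x0b-\x1f\x7f\x80-\x9f]")


def _visible(match: re.Match) -> str:
    """Caret notation for one control character: ESC -> ^[, BEL -> ^G."""
    code = ord(match.group(0))
    if code == 0x7F:
        return "^?"
    if code < 0x20:
        return "^" + chr(code ^ 0x40)
    return "\\x%02x" % code  # C1 control: show the byte value instead


def escape_control(text: str) -> str:
    """Return text with every terminal control character made visible,
    so it is printed rather than interpreted by the receiving terminal."""
    return _CONTROL.sub(_visible, text)


def contains_terminal_controls(text: str) -> bool:
    """True if text carries anything a terminal would act on, not print.
    Useful as a detection check on messages or log lines."""
    return _CONTROL.search(text) is not None


if __name__ == "__main__":
    print(contains_terminal_controls(SAMPLE_MESSAGE))  # True
    print(repr(escape_control(SAMPLE_MESSAGE)))
```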

This is where our security-researcher friend from the start of the article comes into play. Armed with his legendary curiosity and questionable sense of humor, he sensed a potential flaw and happily put together an attack scenario worthy of a film from my favorite saga, Die Hard. The devilishly brilliant idea is to use those unfiltered escape sequences to draw a fake sudo prompt on the victim's terminal. Thus an attacker, like a wolf in sheep's clothing, can trick you into typing your administrator password, believing you are dealing with a genuine system authentication request.

Well, I can reassure you right away: a few conditions still have to be met for the attack to work. The "mesg" option (message reception) must be enabled on your machine, and the wall command must carry the setgid permission.

Of course, as a self-respecting computer geek, you've probably already updated your system to the latest version of util-linux, which plugs the hole. Otherwise, you can always check that the setgid permission is not set on wall, or disable message reception entirely with "mesg".

In the meantime, I can only encourage you to take a look at our researcher friend's PoC, just to see what a fake sudo prompt might look like. Always handy for shining in polite society.

Come on, have fun, and don't forget: don't run "rm -rf /*", it's evil!

Hi, I’m laayouni2023