Security News > 2024 > March > Decade-old Linux ‘wall’ bug helps make fake SUDO prompts, steal passwords
A vulnerability in the wall command of the util-linux package that is part of the Linux operating system could allow an unprivileged attacker to steal passwords or change the victim's clipboard.
WallEscape impacts the 'wall' command, which is typically used in Linux systems to broadcast messages to the terminals of all users logged to the same system, such as a server.
Because escape sequences are improperly filtered when processing input through command line arguments, an unprivileged user could exploit the vulnerability using escape control characters to create a fake SUDO prompt on other users' terminals and trick them into typing their administrator password.
One example describes the steps to create a fake sudo prompt for Gnome terminal to trick the user into typing in their password.
This requires some precautions that are possible by using the wall command to pass to the target a script that changes their input in the terminal so that the fake password prompt passes as a legitimate request.
To find the password, an attacker would then have to check the /proc/$pid/cmdline file for the command arguments, which are visible for unprivileged users on multiple Linux distributions.