First published: Tue Mar 06 2018
In util-linux before 2.32-rc1, bash-completion/umount allows local users to gain privileges by embedding shell commands in a mountpoint name, which is mishandled during a umount command (within Bash) by a different user, as demonstrated by logging in as root and entering umount followed by a tab character for autocompletion.
Credit: cve@mitre.org
Affected Software | Affected Version | How to fix |
---|---|---|
Kernel Util-linux | <=2.31 | |
debian/bash-completion | <=1:2.11-2, <=1:2.11-6, <=1:2.14.0-2 | |
debian/util-linux | 2.36.1-8+deb11u2 2.38.1-5+deb12u2 2.38.1-5+deb12u1 2.40.2-12 |
CVE-2018-7738 is a vulnerability in util-linux before 2.32-rc1 that allows local users to gain privileges by embedding shell commands in a mountpoint name, which is mishandled during a umount command.
An attacker can exploit CVE-2018-7738 by creating a malicious mountpoint name with embedded shell commands, and then triggering a umount command as a different user.
CVE-2018-7738 has a severity rating of 7.8 (high).
Versions before 2.32-rc1 of util-linux are affected by CVE-2018-7738.
The fix for CVE-2018-7738 is included in version 2.32-rc1 of util-linux.
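
As an added example (not part of the advisory or of util-linux), the following Python script audits a mount table in `/proc/self/mounts` format for mount point names that contain shell command-substitution or separator characters, the kind of name the description above refers to. The metacharacter set, the function names and the sample table are assumptions constructed for illustration.

```python
"""Audit mount point names for shell metacharacters (added example)."""
import re

# Assumption: sequences that start command substitution or chain commands in Bash.
RISKY = re.compile(r"\$\(|`|[;&|<>\n]")

# /proc/self/mounts encodes space, tab, newline and backslash as \040 \011 \012 \134.
_OCTAL = re.compile(r"\\([0-7]{3})")


def decode_field(field):
    """Undo the octal escaping the kernel applies to mount table fields."""
    return _OCTAL.sub(lambda m: chr(int(m.group(1), 8)), field)


def risky_mountpoints(mounts_text):
    """Return (source, mountpoint) pairs whose mount point name looks like shell code."""
    hits = []
    # Split on "\n" only: an embedded newline in a name is stored escaped as \012.
    for line in mounts_text.split("\n"):
        fields = line.split(" ")
        if len(fields) < 2:
            continue
        source, target = decode_field(fields[0]), decode_field(fields[1])
        if RISKY.search(target):
            hits.append((source, target))
    return hits


# Constructed sample in /proc/self/mounts format, not taken from a real host.
SAMPLE = (
    "/dev/sda1 / ext4 rw,relatime 0 0\n"
    "/dev/sdb1 /media/My\\040Disk vfat rw 0 0\n"
    "/dev/sdc1 /media/$(true) vfat rw 0 0\n"
    "/dev/sdd1 /media/a\\012`true` vfat rw 0 0\n"
)

if __name__ == "__main__":
    try:
        with open("/proc/self/mounts", encoding="utf-8", errors="surrogateescape") as fh:
            text = fh.read()
    except OSError:
        text = SAMPLE  # fall back to the constructed table on non-Linux hosts
    for source, target in risky_mountpoints(text):
        print(f"suspicious mount point name: {target!r} (source {source})")
```

Names with plain spaces are decoded but not flagged; only names carrying the assumed metacharacters are reported for review.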