CVE-2018-7738

Related Files

Ubuntu Security Notice USN-4512-1

Posted Sep 17, 2020

Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 4512-1 - It was discovered that the umount bash completion script shipped in util-linux incorrectly handled certain mountpoints. If a local attacker were able to create arbitrary mountpoints, another user could be tricked into executing arbitrary code when attempting to run the umount command with bash completion.

tags | advisory, arbitrary, local, bash

systems | linux, ubuntu

advisories | CVE-2018-7738

SHA-256 | 721b596b39c552a83413d7c73f21fa99895259ca2b06e7ee12a54af082236b77

Download | Favorite | View

Debian Security Advisory 4134-1

Posted Mar 10, 2018

Authored by Debian | Site debian.org

Debian Linux Security Advisory 4134-1 - Bjorn Bosselmann discovered that the umount bash completion from util-linux does not properly handle embedded shell commands in a mountpoint name. An attacker with rights to mount filesystems can take advantage of this flaw for privilege escalation if a user (in particular root) is tricked into using the umount completion while a specially crafted mount is present.

tags | advisory, shell, root, bash

systems | linux, debian

advisories | CVE-2018-7738

SHA-256 | 83b60daf457134ad19dfdbe3b0fbb827b9872307ec8d73874d18ff1123086aa2

Download | Favorite | View

Gentoo Linux Security Advisory 201803-02

Posted Mar 7, 2018

Authored by Gentoo | Site security.gentoo.org

Gentoo Linux Security Advisory 201803-2 - A vulnerability was discovered in util-linux, which could potentially lead to the execution of arbitrary code. Versions less than 2.30.2-r1 are affected.

tags | advisory, arbitrary

systems | linux, gentoo

advisories | CVE-2018-7738

SHA-256 | c53758085963969a5d8d1cabb18a0b7ba4de041931b130bf072ccc778a2dae8b

Download | Favorite | View