CVE-2018-7738
published 2018-03-07CVE-2018-7738: In util-linux before 2.32-rc1, bash-completion/umount allows local users to gain privileges by embedding shell commands in a mountpoint name, which is…
high7.8CVSS 3.0
AVLACLPRLUINSUCHIHAH
In util-linux before 2.32-rc1, bash-completion/umount allows local users to gain privileges by embedding shell commands in a mountpoint name, which is mishandled during a umount command (within Bash) by a different user, as demonstrated by logging in as root and entering umount followed by a tab character for autocompletion.
Affected
7 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| debian | bash-completion | < util-linux 2.31.1-0.5 (bookworm) | util-linux 2.31.1-0.5 (bookworm) |
| debian | util-linux | < util-linux 2.31.1-0.5 (bookworm) | util-linux 2.31.1-0.5 (bookworm) |
| kernel | util-linux | <= 2.31 | — |
| kernel | util-linux | >= 0 < 2.31.1-0.5 | 2.31.1-0.5 |
| kernel | util-linux | >= 0 < 2.31.1-0.5 | 2.31.1-0.5 |
| kernel | util-linux | >= 0 < 2.31.1-0.5 | 2.31.1-0.5 |
| kernel | util-linux | >= 0 < 2.31.1-0.5 | 2.31.1-0.5 |
CVSS provenance
nvdv3.07.8HIGHCVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
osv7.8HIGH