[Bug 1792967] Re: CVE-2018-7738 - command execution via unmount's bash-completion
Alex Murray
alex.murray at canonical.com
Thu Sep 20 14:41:15 UTC 2018
** Changed in: util-linux (Ubuntu)
Status: New => Confirmed
** Changed in: util-linux (Ubuntu)
Importance: Undecided => Low
--
You received this bug notification because you are a member of Ubuntu
Foundations Bugs, which is subscribed to util-linux in Ubuntu.
https://bugs.launchpad.net/bugs/1792967
Title:
CVE-2018-7738 - command execution via unmount's bash-completion
Status in util-linux package in Ubuntu:
Confirmed
Bug description:
"In util-linux before 2.32-rc1, bash-completion/umount allows local
users to gain privileges by embedding shell commands in a mountpoint
name, which is mishandled during a umount command (within Bash) by a
different user, as demonstrated by logging in as root and entering
umount followed by a tab character for autocompletion."
https://security-tracker.debian.org/tracker/CVE-2018-7738
Here is the patch that Debian applied earlier:
https://salsa.debian.org/debian/util-linux/blob/1d518f8b38e81cfcc6e0cd1ecbf9ea72d568e53a/debian/patches/bash-completion-umount-use-findmnt-escape-a-space-in.patch
It's already been fixed in cosmic but needs to be fixed in bionic.
I saw this link on social media this weekend:
https://blog.grimm-co.com/post/malicious-command-execution-via-bash-completion-cve-2018-7738/
To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/util-linux/+bug/1792967/+subscriptions
More information about the foundations-bugs
mailing list