*** This bug is a security vulnerability *** Public security bug reported:
"In util-linux before 2.32-rc1, bash-completion/umount allows local users to gain privileges by embedding shell commands in a mountpoint name, which is mishandled during a umount command (within Bash) by a different user, as demonstrated by logging in as root and entering umount followed by a tab character for autocompletion." https://security-tracker.debian.org/tracker/CVE-2018-7738 Here is the patch that Debian applied earlier: https://salsa.debian.org/debian/util-linux/blob/1d518f8b38e81cfcc6e0cd1ecbf9ea72d568e53a/debian/patches/bash-completion-umount-use-findmnt-escape-a-space-in.patch It's already been fixed in cosmic but needs to be fixed in bionic. I saw this link on social media this weekend: https://blog.grimm-co.com/post/malicious-command-execution-via-bash-completion-cve-2018-7738/ ** Affects: util-linux (Ubuntu) Importance: Undecided Status: New ** Tags: bionic ** CVE added: https://cve.mitre.org/cgi-bin/cvename.cgi?name=2018-7738 -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1792967 Title: CVE-2018-7738 - command execution via unmount's bash-completion To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/util-linux/+bug/1792967/+subscriptions -- ubuntu-bugs mailing list [email protected] https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
