In util-linux before 2.32-rc1, bash-completion/umount allows local users to gain privileges by embedding shell commands in a mountpoint name, which is mishandled during a umount command (within Bash) by a different user, as demonstrated by logging in as root and entering umount followed by a tab character for autocompletion.
History

Fri, 13 Dec 2024 14:45:00 +0000

Type Values Removed Values Added
References

cve-icon MITRE

Status: PUBLISHED

Assigner: mitre

Published: 2018-03-06T22:00:00

Updated: 2024-12-13T13:09:22.233Z

Reserved: 2018-03-06T00:00:00

Link: CVE-2018-7738

cve-icon Vulnrichment

No data.

cve-icon NVD

Status : Modified

Published: 2018-03-07T02:29:03.533

Modified: 2024-12-13T14:15:19.380

Link: CVE-2018-7738

cve-icon Redhat

Severity : Moderate

Publid Date: 2018-03-07T00:00:00Z

Links: CVE-2018-7738 - Bugzilla