vulnerability
SUSE: CVE-2018-7738: SUSE Linux Security Advisory
| Severity | CVSS | Published | Added | Modified |
|---|---|---|---|---|
| 7 | (AV:L/AC:L/Au:N/C:C/I:C/A:C) | Mar 6, 2018 | Jul 27, 2018 | Oct 22, 2021 |
Severity
7
CVSS
(AV:L/AC:L/Au:N/C:C/I:C/A:C)
Published
Mar 6, 2018
Added
Jul 27, 2018
Modified
Oct 22, 2021
Description
In util-linux before 2.32-rc1, bash-completion/umount allows local users to gain privileges by embedding shell commands in a mountpoint name, which is mishandled during a umount command (within Bash) by a different user, as demonstrated by logging in as root and entering umount followed by a tab character for autocompletion.
Solutions
suse-upgrade-libblkid-develsuse-upgrade-libblkid-devel-32bitsuse-upgrade-libblkid-devel-staticsuse-upgrade-libblkid1suse-upgrade-libblkid1-32bitsuse-upgrade-libfdisk-develsuse-upgrade-libfdisk-devel-staticsuse-upgrade-libfdisk1suse-upgrade-libmount-develsuse-upgrade-libmount-devel-32bitsuse-upgrade-libmount-devel-staticsuse-upgrade-libmount1suse-upgrade-libmount1-32bitsuse-upgrade-libsmartcols-develsuse-upgrade-libsmartcols-devel-staticsuse-upgrade-libsmartcols1suse-upgrade-libuuid-develsuse-upgrade-libuuid-devel-32bitsuse-upgrade-libuuid-devel-staticsuse-upgrade-libuuid1suse-upgrade-libuuid1-32bitsuse-upgrade-python-libmountsuse-upgrade-util-linuxsuse-upgrade-util-linux-langsuse-upgrade-util-linux-systemdsuse-upgrade-uuidd
NEW
Explore Exposure Command
Confidently identify and prioritize exposures from endpoint to cloud with full attack surface visibility and threat-aware risk context.