CVE-2018-7738

Опубликовано: 07 мар. 2018

Источник: ubuntu

Приоритет: negligible

CVSS2: 7.2

CVSS3: 7.8

Описание

In util-linux before 2.32-rc1, bash-completion/umount allows local users to gain privileges by embedding shell commands in a mountpoint name, which is mishandled during a umount command (within Bash) by a different user, as demonstrated by logging in as root and entering umount followed by a tab character for autocompletion.

Релиз	Статус	Примечание
artful	ignored	end of life
bionic	not-affected	code not present
cosmic	ignored	end of life
devel	not-affected	code not present
disco	ignored	end of life
eoan	ignored	end of life
esm-infra-legacy/trusty	not-affected
esm-infra/bionic	not-affected	code not present
esm-infra/focal	not-affected	code not present
esm-infra/xenial	not-affected

Показывать по

Релиз	Статус	Примечание
artful	ignored	end of life
bionic	released	2.31.1-0.4ubuntu3.7
cosmic	not-affected	2.32-0.1ubuntu2
devel	not-affected	2.33.1-0.1ubuntu2
disco	not-affected	2.33.1-0.1ubuntu2
eoan	not-affected	2.33.1-0.1ubuntu2
esm-infra-legacy/trusty	not-affected	code not present
esm-infra/bionic	released	2.31.1-0.4ubuntu3.7
esm-infra/focal	not-affected	2.33.1-0.1ubuntu2
esm-infra/xenial	not-affected	code not present

Показывать по

Ссылки на источники

7.2 High

CVSS2

7.8 High

CVSS3

Связанные уязвимости

CVE-2018-7738

CVSS3: 6.7

redhat

почти 8 лет назад

CVE-2018-7738

CVSS3: 7.8

nvd

почти 8 лет назад

CVE-2018-7738

CVSS3: 7.8

debian

почти 8 лет назад

In util-linux before 2.32-rc1, bash-completion/umount allows local use ...

openSUSE-SU-2018:2205-1

suse-cvrf

больше 7 лет назад

Security update for util-linux

openSUSE-SU-2018:2203-1

suse-cvrf

больше 7 лет назад

Security update for util-linux

7.2 High

CVSS2

7.8 High

CVSS3

CVE-2018-7738

Описание

Пакет bash-completion

Пакет util-linux

Ссылки на источники

Связанные уязвимости