Openwall GNU/*/Linux - a small security-enhanced Linux distro for servers
[<prev] [next>] [day] [month] [year] [list]
Date: Wed, 7 Mar 2018 06:49:33 +0100
From: Salvatore Bonaccorso <>
To: OSS Security Mailinglist <>
Subject: util-linux: CVE-2018-7738: code execution in bash-completion for


Björn Bosselmann reported to the Debian bugtracker[0], that the umount
bash-completion as provided by the util-linux source does not escape
mount point paths. A user with privileges to mount filesystems can
embbed shell commands in a mountpoint name and taking advantage of
this flaw to gain privilgeges.

The issue was (indirectly) in [1] while adressing another issue.

MITRE has assigned 'CVE-2018-7738' for this issue.



Powered by blists - more mailing lists

Your e-mail address:

Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.

Powered by Openwall GNU/*/Linux - Powered by OpenVZ