Wind River Support Network

HomeDefectsLIN10-3523
Fixed

LIN10-3523 : Security Advisory - until-linux - CVE-2018-7738

Created: Mar 15, 2018    Updated: Dec 3, 2018
Resolved Date: Apr 2, 2018
Found In Version: 10.17.41.1
Fix Version: 10.17.41.6
Severity: Standard
Applicable for: Wind River Linux LTS 17
Component/s: Userspace

Description

In util-linux before 2.32-rc1, bash-completion/umount allows local users to gain privileges by embedding shell commands in a mountpoint name, which is mishandled during a umount command (within Bash) by a different user, as demonstrated by logging in as root and entering umount followed by a tab character for autocompletion.

https://nvd.nist.gov/vuln/detail/CVE-2018-7738

Other Downloads


CVEs


Live chat
Online