Potential privilege escalation by embedding shell commands in a mountpoint name

In util-linux before 2.32-rc1, bash-completion/umount allows local users to gain privileges by embedding shell commands in a mountpoint name, which is mishandled during a umount command within Bash by a different user, as demonstrated by logging in as root and entering umount followed by a tab...

Ubuntu 18.04 LTS : util-linux vulnerability (USN-4512-1)

The remote Ubuntu 18.04 LTS host has packages installed that are affected by a vulnerability as referenced in the USN-4512-1 advisory. It was discovered that the umount bash completion script shipped in util-linux incorrectly handled certain mountpoints. If a local attacker were able to create...

CVE-2020-7628

umount through 1.1.6 is vulnerable to Command Injection. The argument device can be controlled by users without any sanitization...

CVE-2018-7738

In util-linux before 2.32-rc1, bash-completion/umount allows local users to gain privileges by embedding shell commands in a mountpoint name, which is mishandled during a umount command within Bash by a different user, as demonstrated by logging in as root and entering umount followed by a tab...

CVE-2018-7738

In util-linux before 2.32-rc1, bash-completion/umount allows local users to gain privileges by embedding shell commands in a mountpoint name, which is mishandled during a umount command within Bash by a different user, as demonstrated by logging in as root and entering umount followed by a tab...

CVE-2018-7738

In util-linux before 2.32-rc1, bash-completion/umount allows local users to gain privileges by embedding shell commands in a mountpoint name, which is mishandled during a umount command within Bash by a different user, as demonstrated by logging in as root and entering umount followed by a tab...

CVE-2018-7738

The CVE-2018-7738 entry concerns util-linux before 2.32-rc1, where the bash-completion/umount script mishandles certain mountpoint names, allowing a local attacker to escalate privileges via an autocompletion sequence in Bash. Exploitation is demonstrated by embedding shell commands in a mountpoi...

CVE-2013-0157

a mount and b umount in util-linux 2.14.1, 2.17.2, and probably other versions allow local users to determine the existence of restricted directories by 1 using the --guess-fstype command-line option or 2 attempting to mount a non-existent device, which generates different error messages dependin...

SuSe mount/umount溢出漏洞

由于mount/umount命令没有对用户的输入进行正确的边界检查，如果攻击者以超长的相对路径名为参数运行mount/umount程序，将会覆盖为realpath函数动态分配的内存空间的内容。攻击者通过修改堆heap数据有可能会获得root特权。 SuSe Linux 所有版本 Package: util 2.10f 升级util软件包，或去掉mount/umount的suid位。 ftp://ftp.suse.com/pub/suse/axp/update/6.1/a1/util-2.10f-4.alpha.rpm...

cvnmount.exploit

Covin Security Releases: mount bufferoverflow exploit v1.0 Tested operated systems: All current distributions of Linux Affect: Local users on systems affected can gain overflow mounts syntax buffer and execute a shell by overwriting the stack. Affected binaries: /bin/mount and /bin/umount...

Linux & BSD umount Local Root Exploit

Exploit for multiple platform in category local exploits ===================================== Linux & BSD umount Local Root Exploit ===================================== / Reminder - Be sure to fix the includes /str0ke / -------------------------------------- linuxumountexploit.c ----------...

BSD / Linux - 'umount' Local Privilege Escalation

/ Reminder - Be sure to fix the includes /str0ke / -------------------------------------- linuxumountexploit.c ---------- include include include include include include define PATHMOUNT "/bin/umount" define BUFFERSIZE 1024 define DEFAULTOFFSET 50 ulong getesp asm"movl %esp, %eax"; mainint argc,...