2018-09-23 13:48 UTC

View Issue Details Jump to Notes ]
IDProjectCategoryView StatusLast Update
0003891Kali Linux[All Projects] General Bugpublic2018-07-27 10:23
Assigned Torhertzog 
Product Version2016.2 
Target VersionFixed in Version2018.3 
Summary0003891: Arbitrary command execution after tab pressed twice to list "umount" command.
DescriptionCommand in volume name is executed when "umount " command is entered and "tab" button is pressed twice.
Steps To ReproduceFirst, I changed the volume name of my USB drive to "$(date)" using this command below:
# fatlabel /dev/sdb1 "\$(date)"
Second, plug in the USB drive to kali and mount it.

Last step, when you input "umount " and press "tab" twice(for command compeletion), "date" command is executed and result is in the output.
Additional Informationif you replace "date" command with "reboot", kali will shutdown.
Attached Files




crash (reporter)

Hi man!
I tested your bug. Could you meet me at #kali-linux irc channel @freenode?



rhertzog (administrator)

This has been fixed upstream. https://bugs.debian.org/892179 and CVE-2018-7738 are related to this issue.

util-linux 2.31.1-0.5 and newer have the fix.

-Issue History
Date Modified Username Field Change
2017-02-22 02:32 mright007 New Issue
2017-02-22 02:32 mright007 File Added: kali_bug.jpg
2017-03-07 09:41 crash Note Added: 0006471
2017-03-07 13:28 rhertzog Assigned To => rhertzog
2017-03-07 13:28 rhertzog Status new => assigned
2018-06-22 06:19 g0tmi1k Severity major => minor
2018-06-22 06:20 g0tmi1k Priority high => normal
2018-07-27 10:23 rhertzog Status assigned => resolved
2018-07-27 10:23 rhertzog Resolution open => fixed
2018-07-27 10:23 rhertzog Fixed in Version => 2018.3
2018-07-27 10:23 rhertzog Note Added: 0009392
+Issue History