0003891: Arbitrary command execution after tab pressed twice to list "umount" command.

ID	Project	Category	View Status	Date Submitted	Last Update

0003891	Kali Linux	General Bug	public	2017-02-22 02:32	2018-07-27 10:23

Reporter	mright007	Assigned To	rhertzog
Priority	normal	Severity	minor	Reproducibility	always
Status	resolved	Resolution	fixed
Product Version	2016.2
Fixed in Version	2018.3

Summary	0003891: Arbitrary command execution after tab pressed twice to list "umount" command.
Description	Command in volume name is executed when "umount " command is entered and "tab" button is pressed twice.
Steps To Reproduce	First, I changed the volume name of my USB drive to "$(date)" using this command below: fatlabel /dev/sdb1 "\$(date)" Second, plug in the USB drive to kali and mount it. Last step, when you input "umount " and press "tab" twice(for command compeletion), "date" command is executed and result is in the output.
Additional Information	if you replace "date" command with "reboot", kali will shutdown.
Attached Files	kali_bug.jpg (432,570 bytes)

crash 2017-03-07 09:41 reporter ~0006471	Hi man! I tested your bug. Could you meet me at #kali-linux irc channel @freenode? Thanks.

rhertzog 2018-07-27 10:23 administrator ~0009392	This has been fixed upstream. https://bugs.debian.org/892179 and CVE-2018-7738 are related to this issue. util-linux 2.31.1-0.5 and newer have the fix.

Date Modified	Username	Field	Change
2017-02-22 02:32	mright007	New Issue
2017-02-22 02:32	mright007	File Added: kali_bug.jpg
2017-03-07 09:41	crash	Note Added: 0006471
2017-03-07 13:28	rhertzog	Assigned To	=> rhertzog
2017-03-07 13:28	rhertzog	Status	new => assigned
2018-06-22 06:19	g0tmi1k	Severity	major => minor
2018-06-22 06:20	g0tmi1k	Priority	high => normal
2018-07-27 10:23	rhertzog	Status	assigned => resolved
2018-07-27 10:23	rhertzog	Resolution	open => fixed
2018-07-27 10:23	rhertzog	Fixed in Version	=> 2018.3
2018-07-27 10:23	rhertzog	Note Added: 0009392

fatlabel /dev/sdb1 "\$(date)"