2018-09-23 13:48 UTC

ID: 0003891
Project: Kali Linux
Category: [All Projects] General Bug
View Status: public
Last Update: 2018-07-27 10:23
Reporter: mright007
Assigned To: rhertzog
Priority: normal
Severity: minor
Reproducibility: always
Status: resolved
Resolution: fixed
Product Version: 2016.2
Target Version:
Fixed in Version: 2018.3
Summary: 0003891: Arbitrary command execution after tab pressed twice to list "umount" command.
Description: Command in volume name is executed when "umount " command is entered and "tab" button is pressed twice.
Steps To Reproduce: First, I changed the volume name of my USB drive to "$(date)" using this command below:
# fatlabel /dev/sdb1 "\$(date)"
Second, plug in the USB drive to Kali and mount it.

Last step, when you input "umount " and press "tab" twice (for command completion), "date" command is executed and result is in the output.
Additional Information: If you replace "date" command with "reboot", Kali will shut down.
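
A defensive check for the condition this report describes, as an added example that is not part of the original issue or of util-linux: it flags volume labels containing shell command-substitution syntax, which is what an unpatched completion script ends up evaluating. The function names and the tab-separated "device, label" input format are assumptions, and the sample lines are constructed.

```shell
#!/bin/sh
# Added example (not from the issue tracker or util-linux).
# Flags volume labels that contain shell expansion syntax such as $(...),
# backticks or ${...}, the pattern reported in this issue.

# Return 0 if the label contains command/parameter substitution syntax.
label_is_suspicious() {
    case "$1" in
        *'$('*|*'`'*|*'${'*) return 0 ;;
    esac
    return 1
}

# Read "device<TAB>label" lines on stdin (assumed format) and print the
# device of every entry whose label looks like it carries a substitution.
scan_labels() {
    while IFS="$(printf '\t')" read -r dev label; do
        if label_is_suspicious "$label"; then
            printf '%s\n' "$dev"
        fi
    done
}

# Constructed sample input: one label from the report, one harmless label,
# one backtick variant. Single quotes keep the shell from expanding them.
sample_labels() {
    printf '%s\t%s\n' /dev/sdb1 '$(date)'
    printf '%s\t%s\n' /dev/sdc1 'BACKUP_2018'
    printf '%s\t%s\n' /dev/sdd1 '`date`'
}

# Demo run on the constructed sample; lists /dev/sdb1 and /dev/sdd1.
sample_labels | scan_labels
```

On a live system the input can be built per device with `blkid -s LABEL -o value <device>`; the labels are only compared as strings here and are never passed to `eval` or to an unquoted expansion.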
Notes

~0006471

crash (reporter)

Hi man!
I tested your bug. Could you meet me at #kali-linux irc channel @freenode?

Thanks.

~0009392

rhertzog (administrator)

This has been fixed upstream. https://bugs.debian.org/892179 and CVE-2018-7738 are related to this issue.

util-linux 2.31.1-0.5 and newer have the fix.

Issue History
Date Modified Username Field Change
2017-02-22 02:32 mright007 New Issue
2017-02-22 02:32 mright007 File Added: kali_bug.jpg
2017-03-07 09:41 crash Note Added: 0006471
2017-03-07 13:28 rhertzog Assigned To => rhertzog
2017-03-07 13:28 rhertzog Status new => assigned
2018-06-22 06:19 g0tmi1k Severity major => minor
2018-06-22 06:20 g0tmi1k Priority high => normal
2018-07-27 10:23 rhertzog Status assigned => resolved
2018-07-27 10:23 rhertzog Resolution open => fixed
2018-07-27 10:23 rhertzog Fixed in Version => 2018.3
2018-07-27 10:23 rhertzog Note Added: 0009392