GLSA-201803-02 : util-linux: User-assisted execution of arbitrary code
High Nessus Plugin ID 107200
Synopsis
The remote Gentoo host is missing one or more security-related patches.
Description
The remote host is affected by the vulnerability described in GLSA-201803-02 (util-linux: User-assisted execution of arbitrary code)
It was discovered that the umount bash-completion as provided by util-linux does not escape mount point paths.
An attacker controlling a volume label could entice a user with privileges to mount/umount filesystems to use the umount command with auto completion, possibly resulting in execution of arbitrary code with root privileges.
Disable Bash-completion or remove “/usr/share/bash-completion/completions/umount”.
Solution
All util-linux users should upgrade to the latest version:
# emerge --sync
# emerge --ask --oneshot --verbose '>=sys-apps/util-linux-2.30.2-r1'
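To check a host for exposure to the issue described above, the following added example (not part of the advisory, and not Nessus or Gentoo code) reports whether the completion file named in the workaround is still installed and which current mount points depend on escaping. The function names are hypothetical, and using `shlex.quote` as the test for "needs escaping" is a conservative assumption, since the advisory does not list specific characters.

```python
import os
import re
import shlex

# Path named in the advisory's workaround.
COMPLETION_FILE = "/usr/share/bash-completion/completions/umount"
_OCTAL = re.compile(r"\\([0-7]{3})")

def decode_mountinfo_path(field):
    """Undo the kernel's octal escaping in mountinfo (e.g. \\040 is a space)."""
    return _OCTAL.sub(lambda m: chr(int(m.group(1), 8)), field)

def mount_points(mountinfo_text):
    """Yield the decoded mount point (5th field) of each mountinfo line."""
    for line in mountinfo_text.splitlines():
        fields = line.split(" ")
        if len(fields) >= 5:
            yield decode_mountinfo_path(fields[4])

def needs_escaping(path):
    """True when the path is only safe on a shell command line if quoted."""
    return shlex.quote(path) != path

def audit(mountinfo_text, completion_file=COMPLETION_FILE):
    """Summarise exposure: completion file present + mount points to review."""
    return {
        "completion_present": os.path.exists(completion_file),
        "risky_mount_points": [p for p in mount_points(mountinfo_text)
                               if needs_escaping(p)],
    }

# Constructed sample in /proc/self/mountinfo format (not from a real host).
SAMPLE = """\
22 1 8:2 / / rw,relatime shared:1 - ext4 /dev/sda2 rw
41 22 8:17 / /run/media/alice/BACKUP rw,nosuid shared:30 - vfat /dev/sdb1 rw
42 22 8:33 / /run/media/alice/My\\040Photos rw,nosuid shared:31 - vfat /dev/sdc1 rw
"""

if __name__ == "__main__":
    try:
        with open("/proc/self/mountinfo", errors="replace") as fh:
            text = fh.read()
    except OSError:
        text = SAMPLE  # fall back to the constructed sample off-Linux
    report = audit(text)
    print("umount completion installed:", report["completion_present"])
    for mp in report["risky_mount_points"]:
        print("mount point relies on escaping:", repr(mp))
```

A host that still has the completion file and an unpatched util-linux should be upgraded or have the workaround applied; the mount point list only shows where the missing escaping would currently matter.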