Main Vulnerability Database SB2023112170

SB2023112170 - SUSE update for util-linux

Published: November 21, 2023

Security Bulletin ID SB2023112170

Severity

Low

Patch available

YES

Number of vulnerabilities 1

Exploitation vector Local access

Highest impact Code execution

Breakdown by Severity

Low
Medium
High
Critical

Description

This security bulletin contains information about 1 security vulnerability.

1) Privilege escalation (CVE-ID: CVE-2018-7738)

The vulnerability allows a local attacker to gain elevated privileges on the target system.

The weakness exists due to insufficient validation of shell commands that are used in the name of a mountpoint. A local attacker can embed crafted shell commands in the name of a mountpoint. If another user on the system executes the umount command along with a tab character for autocomplete, the attacker can gain elevated privileges.

Remediation

Install update from vendor's website.

References

https://www.suse.com/support/update/announcement/2023/suse-su-20234512-1/

Vulnerable Software

SUSE Linux Enterprise Server for SAP Applications 15: SP1 - SP2
SUSE Linux Enterprise Server 15 SP2 LTSS: 15-SP2
SUSE Linux Enterprise Server 15: SP1 - SP2
SUSE Linux Enterprise Server 15 SP1 LTSS: 15-SP1
SUSE Linux Enterprise High Performance Computing 15 SP2 LTSS: 15-SP2
SUSE Linux Enterprise High Performance Computing 15: SP1 - SP2
SUSE Linux Enterprise High Performance Computing 15 SP1 LTSS: 15-SP1
SUSE CaaS Platform: 4.0
libmount1-32bit: before 2.33.2-150100.4.40.1
libblkid1-32bit: before 2.33.2-150100.4.40.1
libblkid1-32bit-debuginfo: before 2.33.2-150100.4.40.1
libuuid1-32bit: before 2.33.2-150100.4.40.1
libuuid1-32bit-debuginfo: before 2.33.2-150100.4.40.1
libmount1-32bit-debuginfo: before 2.33.2-150100.4.40.1
util-linux-lang: before 2.33.2-150100.4.40.1
libmount-devel: before 2.33.2-150100.4.40.1
util-linux-systemd-debuginfo: before 2.33.2-150100.4.40.1
libblkid-devel: before 2.33.2-150100.4.40.1
libmount1: before 2.33.2-150100.4.40.1
libblkid1-debuginfo: before 2.33.2-150100.4.40.1
libsmartcols1-debuginfo: before 2.33.2-150100.4.40.1
util-linux-debuginfo: before 2.33.2-150100.4.40.1
libfdisk1: before 2.33.2-150100.4.40.1
libuuid1-debuginfo: before 2.33.2-150100.4.40.1
util-linux: before 2.33.2-150100.4.40.1
libsmartcols1: before 2.33.2-150100.4.40.1
uuidd-debuginfo: before 2.33.2-150100.4.40.1
uuidd: before 2.33.2-150100.4.40.1
libmount1-debuginfo: before 2.33.2-150100.4.40.1
libuuid1: before 2.33.2-150100.4.40.1
libblkid1: before 2.33.2-150100.4.40.1
util-linux-systemd-debugsource: before 2.33.2-150100.4.40.1
libfdisk1-debuginfo: before 2.33.2-150100.4.40.1
libblkid-devel-static: before 2.33.2-150100.4.40.1
libsmartcols-devel: before 2.33.2-150100.4.40.1
util-linux-debugsource: before 2.33.2-150100.4.40.1
util-linux-systemd: before 2.33.2-150100.4.40.1
libfdisk-devel: before 2.33.2-150100.4.40.1
libuuid-devel: before 2.33.2-150100.4.40.1
libuuid-devel-static: before 2.33.2-150100.4.40.1