{"vulnerability": "CVE-2018-7738", "sightings": [{"uuid": "950d9ef0-92c6-4eb9-8dd7-acb1ea6df74e", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2018-7738", "type": "published-proof-of-concept", "source": "https://t.me/itsecalert/116", "content": "\u26a0  Malicious Command Execution via bash-completion (CVE-2018-7738) At minimum, affected versions: Ubuntu 18.04\nThis issue affects any system using the util-linux \nmount/umount bash-completion scripts between version 2.24 and 2.31.\n\nA series of bugs apply with specially formatted USB drive name, which on mount run code.\n\nexample: \n\nsudo mkfs.ntfs -f -L 'IFS=,;a=sudo,reboot;\\$a' /dev/sdb1\n\numount\n\n(severity: \ud83d\udd37 low) - requires physical access\nMore info: https://yt.gl/say6z\n\n#alert #severityLow #local #bash\n\nDiscuss this at @itsectalk and let your Linux sysadmins know.", "creation_timestamp": "2018-09-16T17:18:36.000000Z"}, {"uuid": "b52f94d0-ab32-4835-abd1-e90cef0915b6", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2018-7738", "type": "published-proof-of-concept", "source": "https://t.me/canyoupwnme/4393", "content": "Malicious Command Execution via bash-completion (CVE-2018-7738)\nhttps://blog.grimm-co.com/post/malicious-command-execution-via-bash-completion-cve-2018-7738/", "creation_timestamp": "2018-09-14T19:42:38.000000Z"}]}