PT-2018-3086 · Juniper Networks+5 · Junos+5

Bjorn Bosselmann · Published 2018-03-06 · Updated 2024-12-13 · CVE-2018-7738

CVSS v3.1: 7.8 (High)

Vector: AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions

JunOS version (affected versions not specified)
util-linux versions prior to 2.32-rc1

Description

The issue exists due to insufficient input validation in the srxpfe process of JunOS, allowing a remote attacker to cause a denial of service. In util-linux, local users can gain privileges by embedding shell commands in a mountpoint name, which is mishandled during a umount command. This can be demonstrated by logging in as root, entering umount, and then using a tab character for autocompletion.

Recommendations

For JunOS, at the moment, there is no information about a newer version that contains a fix for this vulnerability. For util-linux versions prior to 2.32-rc1, update to version 2.32-rc1 or later to resolve the issue. As a temporary workaround, consider restricting the use of the umount command to minimize the risk of exploitation. Avoid using the umount command with autocompletion, especially when logged in as root, until the issue is resolved.
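
An audit aid for the util-linux issue described above, added here as an example and not part of the original advisory: it parses mount-table text in /proc/self/mounts format, decodes the octal escapes used in mountpoint names, and flags names that contain shell command-substitution or command-separator characters. The function names and the set of flagged characters are assumptions of this example, and the sample table is constructed.

```python
import re
import sys

# Characters treated as suspicious in a mountpoint name. This set is an
# assumption of the example (command substitution and command separators).
SUSPICIOUS = re.compile(r"`|\$\(|[;&|<>\n]")

_OCTAL = re.compile(r"\\([0-7]{3})")


def decode_field(field: str) -> str:
    """Undo the \\NNN octal escaping used for space, tab, newline and backslash."""
    return _OCTAL.sub(lambda m: chr(int(m.group(1), 8)), field)


def risky_mountpoints(mounts_text: str) -> list[tuple[str, str]]:
    """Return (device, mountpoint) pairs whose mountpoint contains shell syntax."""
    hits = []
    for line in mounts_text.splitlines():
        fields = line.split()
        if len(fields) < 2:
            continue  # blank or malformed line
        device, mountpoint = decode_field(fields[0]), decode_field(fields[1])
        if SUSPICIOUS.search(mountpoint):
            hits.append((device, mountpoint))
    return hits


# Constructed sample in /proc/self/mounts format (not taken from a real host).
SAMPLE = (
    "/dev/sda1 / ext4 rw,relatime 0 0\n"
    "/dev/sdb1 /media/usb\\040stick vfat rw,nosuid,nodev 0 0\n"
    "/dev/sdc1 /media/`placeholder` vfat rw,nosuid,nodev 0 0\n"
    "/dev/sdd1 /media/$(placeholder) vfat rw,nosuid,nodev 0 0\n"
)

if __name__ == "__main__":
    # With a path argument, audit that file (e.g. /proc/self/mounts);
    # otherwise run on the constructed sample.
    text = open(sys.argv[1]).read() if len(sys.argv) > 1 else SAMPLE
    for device, mountpoint in risky_mountpoints(text):
        print(f"suspicious mountpoint {mountpoint!r} on {device}")
```

A mountpoint flagged here is a reason to unmount by device path with completion avoided, in line with the workaround above, until util-linux is updated.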

Related Identifiers

ALT-PU-2018-1600
BDU:2019-03803
CVE-2018-7738
DSA-4134-1
ECHO-A45D-041F-2636
MGASA-2018-0237
OPENSUSE-SU-2018_2203-1
OPENSUSE-SU-2018_2205-1
OPENSUSE-SU-2023_4372-1
SUSE-SU-2018:2066-1
SUSE-SU-2018:2071-1
SUSE-SU-2018:3926-1
SUSE-SU-2018_2066-1
SUSE-SU-2018_2071-1
SUSE-SU-2018_3926-1
SUSE-SU-2019:0390-1
SUSE-SU-2019_0390-1
SUSE-SU-2023:3268-1
SUSE-SU-2023:4372-1
SUSE-SU-2023:4512-1
SUSE-SU-2023_3268-1
SUSE-SU-2023_4512-1
USN-4512-1

Affected Products

Alt Linux
Debian
Junos
Suse
Ubuntu
Util-Linux