Mandriva Linux Security Advisory 2013-155 - FUSE, possibly 2.8.5 and earlier, allows local users to create mtab entries with arbitrary pathnames, and consequently unmount any filesystem, via a symlink attack on the parent directory of the mountpoint of a FUSE filesystem, a different vulnerability than CVE-2010-0789. The updated packages have been patched to correct this issue.
4a573d4ac94a8fef29b69d8e2b6b66a8923d2d41fc74bc07033273f227d9c195Red Hat Security Advisory 2011-1083-01 - FUSE can implement a fully functional file system in a user-space program. These packages provide the mount utility, fusermount, the tool used to mount FUSE file systems. Multiple flaws were found in the way fusermount handled the mounting and unmounting of directories when symbolic links were present. A local user in the fuse group could use these flaws to unmount file systems, which they would otherwise not be able to unmount and that were not mounted using FUSE, via a symbolic link attack.
570a3ac9c4d8ba47567744f3a2508ef5c64019b15a6120d40f7b53ce18ed1cd0Ubuntu Security Notice 1045-2 - USN-1045-1 fixed vulnerabilities in FUSE. This update to util-linux adds support for new options required by the FUSE update. It was discovered that FUSE could be tricked into incorrectly updating the mtab file when mounting filesystems. A local attacker, with access to use FUSE, could unmount arbitrary locations, leading to a denial of service.
9dfe9637b82cd643a16222a7581850b43631dfcc4d44daf9d73a7de814ac6851Ubuntu Security Notice 1045-1 - It was discovered that FUSE could be tricked into incorrectly updating the mtab file when mounting filesystems. A local attacker, with access to use FUSE, could unmount arbitrary locations, leading to a denial of service.
399b1067a6eaebe52f01c8282a859a5fc14006ac6116b81fa9b72ea1f136846f
© 2024 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed