fusermount allows unmount any filesystem
Bug #670622 reported by
Paul Szabo
This bug affects 1 person
Affects | Status | Importance | Assigned to | Milestone | |
---|---|---|---|---|---|
fuse (Debian) |
Fix Released
|
Unknown
|
|||
fuse (Fedora) |
Fix Released
|
Low
|
|||
fuse (Suse) |
Fix Released
|
Medium
|
|||
fuse (Ubuntu) |
Fix Released
|
Medium
|
Unassigned |
Bug Description
Binary package hint: fuse-utils
As reported on a public mailing list, fusermount in Ubuntu allows
unprivileged users to unmount anything. For details, please see:
http://
http://
Cheers,
Paul Szabo <email address hidden> http://
School of Mathematics and Statistics University of Sydney Australia
Related branches
visibility: | private → public |
Changed in fuse (Ubuntu): | |
status: | New → Confirmed |
importance: | Undecided → Medium |
Changed in fuse (Suse): | |
importance: | Unknown → Medium |
status: | Unknown → In Progress |
Changed in fuse (Debian): | |
status: | Unknown → New |
Changed in fuse (Suse): | |
status: | In Progress → Fix Released |
Changed in fuse (Debian): | |
status: | New → Fix Released |
Changed in fuse (Fedora): | |
importance: | Unknown → Low |
status: | Unknown → Fix Released |
To post a comment you must log in.
Your friendly security team received the following report via oss-security.
Please respond ASAP.
The issue is public.
------- ------- ------- ------- ------- ------- ------- ------- ------- ------- ------- -
Date: Thu, 04 Nov 2010 15:45:33 -0400
From: Marc Deslauriers <email address hidden>
Subject: [oss-security] CVE request: fuse
Hello,
There is an issue with FUSE that lets unprivileged users unmount
arbitrary locations via a symlink attack. This is a different issue than
CVE-2009-3297 and CVE-2010-0789.
Ref.:
http:// seclists. org/fulldisclos ure/2010/ Nov/15 www.halfdog. net/Security/ FuseTimerace/
http://
Thanks,
Marc.
-- www.ubuntu. com/ www.canonical. com/
Marc Deslauriers
Ubuntu Security Engineer | http://
Canonical Ltd. | http://