Ubuntu has released advisories to correct this:
http://www.ubuntu.com/usn/usn-1045-1 (fuse) http://www.ubuntu.com/usn/usn-1045-2 (mount)
But I can still reproduce the issue on 10.04 LTS (although it doesn't like the Makefile too much):
user@ubuntu:~/CVE-2010-3879$ make [[ -x DirModifyInotify ]] && rm -f DirModifyInotify || : /bin/sh: [[: not found [[ -x FuseMinimal ]] && rm -f FuseMinimal || : /bin/sh: [[: not found [[ -L tmp ]] && rm -f tmp || : /bin/sh: [[: not found [[ -d tmp-moved ]] && rm -rf tmp-moved || : /bin/sh: [[: not found [[ -d tmp-moved ]] && sudo umount tmp-moved/proc && rm -rf tmp-moved || : /bin/sh: [[: not found gcc -o DirModifyInotify DirModifyInotify.c gcc -D_FILE_OFFSET_BITS=64 -lfuse -Wall FuseMinimal.c -o FuseMinimal ps ax | grep init | grep -v grep 1 ? Ss 0:01 /sbin/init sh Test.sh Using target call count 8 Move triggered at count 8 Cannot find /proc/version - is /proc mounted? make: *** [test] Error 1 user@ubuntu:~/CVE-2010-3879$ dpkg -l mount libfuse2 Desired=Unknown/Install/Remove/Purge/Hold | Status=Not/Inst/Cfg-files/Unpacked/Failed-cfg/Half-inst/trig-aWait/Trig-pend |/ Err?=(none)/Reinst-required (Status,Err: uppercase=bad) ||/ Name Version Description +++-==============-==============-============================================ ii libfuse2 2.8.1-1.1ubunt Filesystem in USErspace library ii mount 2.17.2-0ubuntu Tools for mounting and manipulating filesyst
Those are the packages that are supposed to fix the flaw.
Ubuntu has released advisories to correct this:
http:// www.ubuntu. com/usn/ usn-1045- 1 (fuse) www.ubuntu. com/usn/ usn-1045- 2 (mount)
http://
But I can still reproduce the issue on 10.04 LTS (although it doesn't like the Makefile too much):
user@ubuntu: ~/CVE-2010- 3879$ make OFFSET_ BITS=64 -lfuse -Wall FuseMinimal.c -o FuseMinimal ~/CVE-2010- 3879$ dpkg -l mount libfuse2 Unknown/ Install/ Remove/ Purge/Hold Not/Inst/ Cfg-files/ Unpacked/ Failed- cfg/Half- inst/trig- aWait/Trig- pend /Reinst- required (Status,Err: uppercase=bad) ======= ====-== ======= =====-= ======= ======= ======= ======= ======= ======= =
[[ -x DirModifyInotify ]] && rm -f DirModifyInotify || :
/bin/sh: [[: not found
[[ -x FuseMinimal ]] && rm -f FuseMinimal || :
/bin/sh: [[: not found
[[ -L tmp ]] && rm -f tmp || :
/bin/sh: [[: not found
[[ -d tmp-moved ]] && rm -rf tmp-moved || :
/bin/sh: [[: not found
[[ -d tmp-moved ]] && sudo umount tmp-moved/proc && rm -rf tmp-moved || :
/bin/sh: [[: not found
gcc -o DirModifyInotify DirModifyInotify.c
gcc -D_FILE_
ps ax | grep init | grep -v grep
1 ? Ss 0:01 /sbin/init
sh Test.sh
Using target call count 8
Move triggered at count 8
Cannot find /proc/version - is /proc mounted?
make: *** [test] Error 1
user@ubuntu:
Desired=
| Status=
|/ Err?=(none)
||/ Name Version Description
+++-===
ii libfuse2 2.8.1-1.1ubunt Filesystem in USErspace library
ii mount 2.17.2-0ubuntu Tools for mounting and manipulating filesyst
Those are the packages that are supposed to fix the flaw.