5.8 Medium
CVSS2
Attack Vector
NETWORK
Attack Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
NONE
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:M/Au:N/C:N/I:P/A:P
0.001 Low
EPSS
Percentile
29.4%
FUSE, possibly 2.8.5 and earlier, allows local users to create mtab entries
with arbitrary pathnames, and consequently unmount any filesystem, via a
symlink attack on the parent directory of the mountpoint of a FUSE
filesystem, a different vulnerability than CVE-2010-0789.
Author | Note |
---|---|
mdeslaur | will also need to patch util-linux to get --no-canonicalize See novell bug for a bunch of commits, and new patches util-linux negligible (update only needed for fuse) |
OS | Version | Architecture | Package | Version | Filename |
---|---|---|---|---|---|
ubuntu | 8.04 | noarch | fuse | < 2.7.2-1ubuntu2.2 | UNKNOWN |
ubuntu | 9.10 | noarch | fuse | < 2.7.4-1.1ubuntu4.4 | UNKNOWN |
ubuntu | 10.04 | noarch | fuse | < 2.8.1-1.1ubuntu2.2 | UNKNOWN |
ubuntu | 10.10 | noarch | fuse | < 2.8.4-1ubuntu1.1 | UNKNOWN |
ubuntu | 8.04 | noarch | util-linux | < 2.13.1-5ubuntu3.1 | UNKNOWN |
ubuntu | 9.10 | noarch | util-linux | < 2.16-1ubuntu5.1 | UNKNOWN |
ubuntu | 10.04 | noarch | util-linux | < 2.17.2-0ubuntu1.10.04.1 | UNKNOWN |
ubuntu | 10.10 | noarch | util-linux | < 2.17.2-0ubuntu1.10.10.1 | UNKNOWN |
seclists.org/fulldisclosure/2010/Nov/15
www.halfdog.net/Security/FuseTimerace/
launchpad.net/bugs/cve/CVE-2010-3879
nvd.nist.gov/vuln/detail/CVE-2010-3879
security-tracker.debian.org/tracker/CVE-2010-3879
ubuntu.com/security/notices/USN-1045-1
ubuntu.com/security/notices/USN-1045-2
www.cve.org/CVERecord?id=CVE-2010-3879