Veracode Vulnerability DatabaseVERACODE:24636Privilege Escalation
0.0004 Low
EPSS
Percentile
5.1%
fuse is vulnerable to privilege escalation. The vulnerability exists through the way fusermount handled the mounting and unmounting of directories when symbolic links were present. A local user in the fuse group could use these flaws to unmount file systems, which they would otherwise not be able to unmount and that were not mounted using FUSE, via a symbolic link attack.
| CPE | Name | Operator | Version |
|---|---|---|---|
| fuse | eq | 2.8.3__1.el6 | |
| fuse | eq | 2.8.3__1.el6 |
References
fuse.git.sourceforge.net/git/gitweb.cgi?p=fuse/fuse%3Ba=commit%3Bh=bf5ffb5fd8558bd799791834def431c0cee5a11f
fuse.git.sourceforge.net/git/gitweb.cgi?p=fuse/fuse;a=commit;h=bf5ffb5fd8558bd799791834def431c0cee5a11f
lists.opensuse.org/opensuse-security-announce/2011-04/msg00000.html
www.openwall.com/lists/oss-security/2011/02/02/2
www.openwall.com/lists/oss-security/2011/02/03/5
www.openwall.com/lists/oss-security/2011/02/08/4
access.redhat.com/errata/RHSA-2011:1083
access.redhat.com/security/updates/classification/#moderate
rhn.redhat.com/errata/RHBA-2011-0699.html
Related
