CVE-2010-3879

Priority
Medium
Description
FUSE, possibly 2.8.5 and earlier, allows local users to create mtab entries
with arbitrary pathnames, and consequently unmount any filesystem, via a
symlink attack on the parent directory of the mountpoint of a FUSE
filesystem, a different vulnerability than CVE-2010-0789.
References
Bugs
Notes
 mdeslaur> will also need to patch util-linux to get --no-canonicalize
 mdeslaur> See novell bug for a bunch of commits, and new patches
Package
Upstream:needs-triage
Package
Source: fuse (LP Ubuntu Debian)
Upstream:needs-triage
More Information

Valid XHTML 1.0 Strict

Updated: 2015-07-29 20:39:03 UTC (commit 9756)