CVE-2010-3879

Priority
Medium
Description
FUSE, possibly 2.8.5 and earlier, allows local users to create mtab entries
with arbitrary pathnames, and consequently unmount any filesystem, via a
symlink attack on the parent directory of the mountpoint of a FUSE
filesystem, a different vulnerability than CVE-2010-0789.
References
Bugs
Notes
mdeslaur> will also need to patch util-linux to get --no-canonicalize
mdeslaur> See novell bug for a bunch of commits, and new patches
Package
Upstream:needs-triage
Ubuntu 8.04 LTS (Hardy Heron):released (2.13.1-5ubuntu3.1)
Ubuntu 10.04 LTS (Lucid Lynx):released (2.17.2-0ubuntu1.10.04.1)
Ubuntu 11.04 (Natty Narwhal):released (2.17.2-3.3ubuntu3)
Package
Source: fuse (LP Ubuntu Debian)
Upstream:needs-triage
Ubuntu 8.04 LTS (Hardy Heron):released (2.7.2-1ubuntu2.2)
Ubuntu 10.04 LTS (Lucid Lynx):released (2.8.1-1.1ubuntu2.2)
Ubuntu 11.04 (Natty Narwhal):released (2.8.4-1.1ubuntu2)
More Information

Valid XHTML 1.0 Strict

Updated: 2012-06-01 15:21:30 UTC (commit 5347)