Your submission was sent successfully! Close

You have successfully unsubscribed! Close

Thank you for signing up for our newsletter!Close

CVE-2010-3879

Published: 3 December 2010

FUSE, possibly 2.8.5 and earlier, allows local users to create mtab entries with arbitrary pathnames, and consequently unmount any filesystem, via a symlink attack on the parent directory of the mountpoint of a FUSE filesystem, a different vulnerability than CVE-2010-0789.

Notes

AuthorNote
mdeslaur
will also need to patch util-linux to get --no-canonicalize
See novell bug for a bunch of commits, and new patches
util-linux negligible (update only needed for fuse)

Priority

Medium

Status

Package Release Status
fuse
Launchpad, Ubuntu, Debian
dapper Ignored
(end of life)
hardy
Released (2.7.2-1ubuntu2.2)
karmic
Released (2.7.4-1.1ubuntu4.4)
lucid
Released (2.8.1-1.1ubuntu2.2)
maverick
Released (2.8.4-1ubuntu1.1)
upstream Needs triage

util-linux
Launchpad, Ubuntu, Debian
dapper Ignored
(end of life)
hardy
Released (2.13.1-5ubuntu3.1)
karmic
Released (2.16-1ubuntu5.1)
lucid
Released (2.17.2-0ubuntu1.10.04.1)
maverick
Released (2.17.2-0ubuntu1.10.10.1)
upstream Needs triage