CVE-2010-3879
Published: 3 December 2010
FUSE, possibly 2.8.5 and earlier, allows local users to create mtab entries with arbitrary pathnames, and consequently unmount any filesystem, via a symlink attack on the parent directory of the mountpoint of a FUSE filesystem, a different vulnerability than CVE-2010-0789.
Notes
| Author | Note |
|---|---|
| mdeslaur | will also need to patch util-linux to get --no-canonicalize See novell bug for a bunch of commits, and new patches util-linux negligible (update only needed for fuse) |
Priority
Status
| Package | Release | Status |
|---|---|---|
|
fuse Launchpad, Ubuntu, Debian |
dapper |
Ignored
(end of life)
|
| hardy |
Released
(2.7.2-1ubuntu2.2)
|
|
| karmic |
Released
(2.7.4-1.1ubuntu4.4)
|
|
| lucid |
Released
(2.8.1-1.1ubuntu2.2)
|
|
| maverick |
Released
(2.8.4-1ubuntu1.1)
|
|
| upstream |
Needs triage
|
|
|
util-linux Launchpad, Ubuntu, Debian |
dapper |
Ignored
(end of life)
|
| hardy |
Released
(2.13.1-5ubuntu3.1)
|
|
| karmic |
Released
(2.16-1ubuntu5.1)
|
|
| lucid |
Released
(2.17.2-0ubuntu1.10.04.1)
|
|
| maverick |
Released
(2.17.2-0ubuntu1.10.10.1)
|
|
| upstream |
Needs triage
|