Computer Security
[EN] securityvulns.ru no-pyccku


FUSE symbolic links vulnerability
Published:01.03.2011
Source:
SecurityVulns ID:11475
Type:local
Threat Level:
5/10
Description:It's possible to unmount arbitrary directories.
CVE:CVE-2011-0543 (Certain legacy functionality in fusermount in fuse 2.8.5 and earlier, when util-linux does not support the --no-canonicalize option, allows local users to bypass intended access restrictions and unmount arbitrary directories via a symlink attack.)
 CVE-2011-0542 (fusermount in fuse 2.8.5 and earlier does not perform a chdir to / before performing a mount or umount, which allows local users to unmount arbitrary directories via unspecified vectors.)
 CVE-2011-0541 (fuse 2.8.5 and earlier does not properly handle when /etc/mtab cannot be updated, which allows local users to unmount arbitrary directories via a symlink attack.)
Original documentdocumentUBUNTU, [USN-1077-1] FUSE vulnerabilities (01.03.2011)

About | Terms of use | Privacy Policy
© SecurityVulns, 3APA3A, Vladimir Dubrovin
Nizhny Novgorod