Launchpad.net

Launchpad Home
Code
Bugs
Blueprints
Translations
Answers

CVE 2010-3879

FUSE, possibly 2.8.5 and earlier, allows local users to create mtab entries with arbitrary pathnames, and consequently unmount any filesystem, via a symlink attack on the parent directory of the mountpoint of a FUSE filesystem, a different vulnerability than CVE-2010-0789.

Related bugs and status

CVE-2010-3879 (Candidate) is related to these bugs:

Bug #670622: fusermount allows unmount any filesystem

		In	Importance	Status
670622	fusermount allows unmount any filesystem	fuse (Ubuntu)	Medium	Fix Released
670622	fusermount allows unmount any filesystem	fuse (Debian)	Unknown	Fix Released
670622	fusermount allows unmount any filesystem	fuse (Fedora)	Low	Fix Released
670622	fusermount allows unmount any filesystem	fuse (Suse)	Medium	Fix Released

See the

CVE page on Mitre.org for more details.

References

MISC: http://www.halfdog.net...
MISC: http://lists.grok.org....
MISC: http://secunia.com/adv...
MISC: http://secunia.com/adv...
MISC: http://www.securityfoc...
MISC: http://osvdb.org/70520
MISC: http://www.vupen.com/e...
MISC: http://www.vupen.com/e...
MISC: http://lists.fedorapro...
MISC: http://www.mandriva.co...
MISC: https://bugzilla.redha...
MISC: http://lists.opensuse....
MISC: http://www.ubuntu.com/...
MISC: http://www.ubuntu.com/...
MISC: http://openwall.com/li...
MISC: http://openwall.com/li...
MISC: https://exchange.xforc...
MISC: http://bugs.debian.org...
MISC: https://bugs.launchpad...
MISC: https://bugzilla.novel...