Certain legacy functionality in fusermount in fuse 2.8.5 and earlier, when util-linux does not support the --no-canonicalize option, allows local users to bypass intended access restrictions and unmount arbitrary directories via a symlink attack.
{"ubuntucve": [{"lastseen": "2022-08-04T14:34:38", "description": "Certain legacy functionality in fusermount in fuse 2.8.5 and earlier, when\nutil-linux does not support the --no-canonicalize option, allows local\nusers to bypass intended access restrictions and unmount arbitrary\ndirectories via a symlink attack.", "cvss3": {}, "published": "2011-02-10T00:00:00", "type": "ubuntucve", "title": "CVE-2011-0543", "bulletinFamily": "info", "cvss2": {"severity": "LOW", "exploitabilityScore": 3.4, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "NONE", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 3.3, "vectorString": "AV:L/AC:M/Au:N/C:N/I:P/A:P", "version": "2.0", "accessVector": "LOCAL", "authentication": "NONE"}, "impactScore": 4.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2011-0543"], "modified": "2011-02-10T00:00:00", "id": "UB:CVE-2011-0543", "href": "https://ubuntu.com/security/CVE-2011-0543", "cvss": {"score": 3.3, "vector": "AV:L/AC:M/Au:N/C:N/I:P/A:P"}}], "veracode": [{"lastseen": "2022-07-27T10:57:10", "description": "fuse is vulnerable to privilege escalation. The vulnerability exists through the way fusermount handled the mounting and unmounting of directories when symbolic links were present. A local user in the fuse group could use these flaws to unmount file systems, which they would otherwise not be able to unmount and that were not mounted using FUSE, via a symbolic link attack.\n", "cvss3": {}, "published": "2020-04-10T00:59:44", "type": "veracode", "title": "Privilege Escalation", "bulletinFamily": "software", "cvss2": {"severity": "LOW", "exploitabilityScore": 3.4, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "NONE", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 3.3, "vectorString": "AV:L/AC:M/Au:N/C:N/I:P/A:P", "version": "2.0", "accessVector": "LOCAL", "authentication": "NONE"}, "impactScore": 4.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2011-0543"], "modified": "2022-04-19T18:19:05", "id": "VERACODE:24638", "href": "https://sca.analysiscenter.veracode.com/vulnerability-database/security/1/1/sid-24638/summary", "cvss": {"score": 3.3, "vector": "AV:L/AC:M/Au:N/C:N/I:P/A:P"}}], "cve": [{"lastseen": "2022-03-23T11:38:43", "description": "Certain legacy functionality in fusermount in fuse 2.8.5 and earlier, when util-linux does not support the --no-canonicalize option, allows local users to bypass intended access restrictions and unmount arbitrary directories via a symlink attack.", "cvss3": {}, "published": "2011-09-02T23:55:00", "type": "cve", "title": "CVE-2011-0543", "cwe": ["CWE-264"], "bulletinFamily": "NVD", "cvss2": {"severity": "LOW", "exploitabilityScore": 3.4, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "NONE", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 3.3, "vectorString": "AV:L/AC:M/Au:N/C:N/I:P/A:P", "version": "2.0", "accessVector": "LOCAL", "authentication": "NONE"}, "impactScore": 4.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2011-0543"], "modified": "2014-02-12T04:26:00", "cpe": ["cpe:/a:fuse:fuse:2.3", "cpe:/a:fuse:fuse:2.7.5", "cpe:/a:fuse:fuse:2.3.0", "cpe:/a:fuse:fuse:2.5.1", "cpe:/a:fuse:fuse:2.5.3", "cpe:/a:fuse:fuse:2.7.4", "cpe:/a:fuse:fuse:2.5.0", "cpe:/a:fuse:fuse:2.4.0", "cpe:/a:fuse:fuse:2.8.4", "cpe:/a:fuse:fuse:2.4.1", "cpe:/a:fuse:fuse:2.7.6", "cpe:/a:fuse:fuse:2.5.2", "cpe:/a:fuse:fuse:2.2.1", "cpe:/a:fuse:fuse:2.0", "cpe:/a:fuse:fuse:2.8.5", "cpe:/a:fuse:fuse:2.6.1", "cpe:/a:fuse:fuse:2.7.2", "cpe:/a:fuse:fuse:2.6.0", "cpe:/a:fuse:fuse:2.8.1", "cpe:/a:fuse:fuse:2.4.2", "cpe:/a:fuse:fuse:1.9", "cpe:/a:fuse:fuse:2.2", "cpe:/a:fuse:fuse:2.8.0", "cpe:/a:fuse:fuse:2.6.5", "cpe:/a:fuse:fuse:2.8.3", "cpe:/a:fuse:fuse:2.7.1", "cpe:/a:fuse:fuse:2.8.2", "cpe:/a:fuse:fuse:2.7.3", "cpe:/a:fuse:fuse:2.6.3", "cpe:/a:fuse:fuse:2.1", "cpe:/a:fuse:fuse:2.7.0"], "id": "CVE-2011-0543", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2011-0543", "cvss": {"score": 3.3, "vector": "AV:L/AC:M/Au:N/C:N/I:P/A:P"}, "cpe23": ["cpe:2.3:a:fuse:fuse:2.8.0:*:*:*:*:*:*:*", "cpe:2.3:a:fuse:fuse:2.3.0:*:*:*:*:*:*:*", "cpe:2.3:a:fuse:fuse:2.5.0:*:*:*:*:*:*:*", "cpe:2.3:a:fuse:fuse:2.8.5:*:*:*:*:*:*:*", "cpe:2.3:a:fuse:fuse:2.5.2:*:*:*:*:*:*:*", "cpe:2.3:a:fuse:fuse:2.8.1:*:*:*:*:*:*:*", "cpe:2.3:a:fuse:fuse:1.9:*:*:*:*:*:*:*", "cpe:2.3:a:fuse:fuse:2.7.5:*:*:*:*:*:*:*", "cpe:2.3:a:fuse:fuse:2.7.6:*:*:*:*:*:*:*", "cpe:2.3:a:fuse:fuse:2.7.4:*:*:*:*:*:*:*", "cpe:2.3:a:fuse:fuse:2.4.1:*:*:*:*:*:*:*", "cpe:2.3:a:fuse:fuse:2.1:*:*:*:*:*:*:*", "cpe:2.3:a:fuse:fuse:2.6.3:*:*:*:*:*:*:*", "cpe:2.3:a:fuse:fuse:2.4.2:*:*:*:*:*:*:*", "cpe:2.3:a:fuse:fuse:2.7.3:*:*:*:*:*:*:*", "cpe:2.3:a:fuse:fuse:2.7.2:*:*:*:*:*:*:*", "cpe:2.3:a:fuse:fuse:2.3:rc1:*:*:*:*:*:*", "cpe:2.3:a:fuse:fuse:2.6.1:*:*:*:*:*:*:*", "cpe:2.3:a:fuse:fuse:2.2:*:*:*:*:*:*:*", "cpe:2.3:a:fuse:fuse:2.8.4:*:*:*:*:*:*:*", "cpe:2.3:a:fuse:fuse:2.4.0:*:*:*:*:*:*:*", "cpe:2.3:a:fuse:fuse:2.8.3:*:*:*:*:*:*:*", "cpe:2.3:a:fuse:fuse:2.5.3:*:*:*:*:*:*:*", "cpe:2.3:a:fuse:fuse:2.8.2:*:*:*:*:*:*:*", "cpe:2.3:a:fuse:fuse:2.3:pre:*:*:*:*:*:*", "cpe:2.3:a:fuse:fuse:2.6.5:*:*:*:*:*:*:*", "cpe:2.3:a:fuse:fuse:2.0:pre1:*:*:*:*:*:*", "cpe:2.3:a:fuse:fuse:2.7.1:*:*:*:*:*:*:*", "cpe:2.3:a:fuse:fuse:2.7.0:*:*:*:*:*:*:*", "cpe:2.3:a:fuse:fuse:2.0:pre0:*:*:*:*:*:*", "cpe:2.3:a:fuse:fuse:2.5.1:*:*:*:*:*:*:*", "cpe:2.3:a:fuse:fuse:2.6.0:*:*:*:*:*:*:*", "cpe:2.3:a:fuse:fuse:2.2.1:*:*:*:*:*:*:*"]}], "nessus": [{"lastseen": "2023-01-11T14:26:39", "description": "The following security issues were fixed in fuse and util-linux :\n\n - FUSE allowed local users to create mtab entries with arbitrary pathnames, and consequently unmount any filesystem, via a symlink attack on the parent directory of the mountpoint of a FUSE filesystem. (CVE-2010-3879)\n\n - Avoid mounting a directory including evaluation of symlinks, which might have allowed local attackers to mount filesystems anywhere in the system.\n (CVE-2011-0541)\n\n - Avoid symlink attacks on the mount point written in the mtab file. (CVE-2011-0543)\n\nAdditional two bugs were fixed in util-linux :\n\n - fixed retrying nfs mounts on rpc timeouts\n\n - allow seperate control of the internet protocol uses by rpc.mount seperately of the protocol used by nfs.\n\nNew features were implemented: - mount now has --fake and\n--no-canonicalize options, required for the symlink security fixes.\nThese were backported from mainline.", "cvss3": {}, "published": "2011-04-01T00:00:00", "type": "nessus", "title": "SuSE 10 Security Update : FUSE (ZYPP Patch Number 7362)", "bulletinFamily": "scanner", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "NONE", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 5.8, "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 4.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2010-3879", "CVE-2011-0541", "CVE-2011-0543"], "modified": "2021-01-19T00:00:00", "cpe": ["cpe:/o:suse:suse_linux"], "id": "SUSE_UTIL-LINUX-AND-FUSE-201103-7362.NASL", "href": "https://www.tenable.com/plugins/nessus/53256", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The text description of this plugin is (C) Novell, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(53256);\n script_version(\"1.6\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/19\");\n\n script_cve_id(\"CVE-2010-3879\", \"CVE-2011-0541\", \"CVE-2011-0543\");\n\n script_name(english:\"SuSE 10 Security Update : FUSE (ZYPP Patch Number 7362)\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote SuSE 10 host is missing a security-related patch.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"The following security issues were fixed in fuse and util-linux :\n\n - FUSE allowed local users to create mtab entries with\n arbitrary pathnames, and consequently unmount any\n filesystem, via a symlink attack on the parent directory\n of the mountpoint of a FUSE filesystem. (CVE-2010-3879)\n\n - Avoid mounting a directory including evaluation of\n symlinks, which might have allowed local attackers to\n mount filesystems anywhere in the system.\n (CVE-2011-0541)\n\n - Avoid symlink attacks on the mount point written in the\n mtab file. (CVE-2011-0543)\n\nAdditional two bugs were fixed in util-linux :\n\n - fixed retrying nfs mounts on rpc timeouts\n\n - allow seperate control of the internet protocol uses by\n rpc.mount seperately of the protocol used by nfs.\n\nNew features were implemented: - mount now has --fake and\n--no-canonicalize options, required for the symlink security fixes.\nThese were backported from mainline.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2010-3879.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2011-0541.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2011-0543.html\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Apply ZYPP patch number 7362.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:N/I:P/A:P\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:suse:suse_linux\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2011/02/28\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2011/04/01\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2011-2021 Tenable Network Security, Inc.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) exit(0, \"Local checks are not enabled.\");\nif (!get_kb_item(\"Host/SuSE/release\")) exit(0, \"The host is not running SuSE.\");\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) exit(1, \"Could not obtain the list of installed packages.\");\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) exit(1, \"Failed to determine the architecture type.\");\nif (cpu >!< \"x86_64\" && cpu !~ \"^i[3-6]86$\") exit(1, \"Local checks for SuSE 10 on the '\"+cpu+\"' architecture have not been implemented.\");\n\n\nflag = 0;\nif (rpm_check(release:\"SLED10\", sp:3, reference:\"fuse-2.7.2-15.10.11.1\")) flag++;\nif (rpm_check(release:\"SLED10\", sp:3, reference:\"fuse-devel-2.7.2-15.10.11.1\")) flag++;\nif (rpm_check(release:\"SLED10\", sp:3, reference:\"libfuse2-2.7.2-15.10.11.1\")) flag++;\nif (rpm_check(release:\"SLED10\", sp:3, reference:\"util-linux-2.12r-35.41.43.7\")) flag++;\nif (rpm_check(release:\"SLES10\", sp:3, reference:\"util-linux-2.12r-35.41.43.7\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse exit(0, \"The host is not affected.\");\n", "cvss": {"score": 5.8, "vector": "AV:N/AC:M/Au:N/C:N/I:P/A:P"}}, {"lastseen": "2023-01-11T14:26:13", "description": "The following security issues were fixed :\n\n - FUSE allowed local users to create mtab entries with arbitrary pathnames, and consequently unmount any filesystem, via a symlink attack on the parent directory of the mountpoint of a FUSE filesystem. (CVE-2010-3879)\n\n - Avoid mounting a directory including evaluation of symlinks, which might have allowed local attackers to mount filesystems anywhere in the system.\n (CVE-2011-0541)\n\n - Avoid symlink attacks on the mount point written in the mtab file. Four bugs were fixed:. (CVE-2011-0543)\n\n - fixed retrying nfs mounts on rpc timeouts\n\n - allow seperate control of the internet protocol uses by rpc.mount seperately of the protocol used by nfs.\n\n - Fixed locking in libuuid/uuid to avoid duplicate uuids.\n\n - mkswap bad block check marked every block bad in O(n!) time on a good device New features were implemented :\n\n - mount now has --fake and --no-canonicalize options, required for the symlink security fixes. These were backported from mainline.\n\n - mount can now auto-detect and differentiate between squashfs3 and squashfs (v4) filesystems, allowing backward compatibility to the SUSE Linux Enterprise 11 GA codebase.", "cvss3": {}, "published": "2011-03-31T00:00:00", "type": "nessus", "title": "SuSE 11.1 Security Update : FUSE (SAT Patch Number 4095)", "bulletinFamily": "scanner", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "NONE", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 5.8, "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 4.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2010-3879", "CVE-2011-0541", "CVE-2011-0543"], "modified": "2021-01-19T00:00:00", "cpe": ["p-cpe:/a:novell:suse_linux:11:fuse", "p-cpe:/a:novell:suse_linux:11:libblkid1", "p-cpe:/a:novell:suse_linux:11:libfuse2", "p-cpe:/a:novell:suse_linux:11:libuuid-devel", "p-cpe:/a:novell:suse_linux:11:libuuid1", "p-cpe:/a:novell:suse_linux:11:libuuid1-32bit", "p-cpe:/a:novell:suse_linux:11:util-linux", "p-cpe:/a:novell:suse_linux:11:util-linux-lang", "p-cpe:/a:novell:suse_linux:11:uuid-runtime", "cpe:/o:novell:suse_linux:11"], "id": "SUSE_11_UTIL-LINUX-AND-FUSE-201103-110302.NASL", "href": "https://www.tenable.com/plugins/nessus/53231", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from SuSE 11 update information. The text itself is\n# copyright (C) Novell, Inc.\n#\n\nif (NASL_LEVEL < 3000) exit(0);\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(53231);\n script_version(\"1.7\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/19\");\n\n script_cve_id(\"CVE-2010-3879\", \"CVE-2011-0541\", \"CVE-2011-0543\");\n\n script_name(english:\"SuSE 11.1 Security Update : FUSE (SAT Patch Number 4095)\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote SuSE 11 host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"The following security issues were fixed :\n\n - FUSE allowed local users to create mtab entries with\n arbitrary pathnames, and consequently unmount any\n filesystem, via a symlink attack on the parent directory\n of the mountpoint of a FUSE filesystem. (CVE-2010-3879)\n\n - Avoid mounting a directory including evaluation of\n symlinks, which might have allowed local attackers to\n mount filesystems anywhere in the system.\n (CVE-2011-0541)\n\n - Avoid symlink attacks on the mount point written in the\n mtab file. Four bugs were fixed:. (CVE-2011-0543)\n\n - fixed retrying nfs mounts on rpc timeouts\n\n - allow seperate control of the internet protocol uses by\n rpc.mount seperately of the protocol used by nfs.\n\n - Fixed locking in libuuid/uuid to avoid duplicate uuids.\n\n - mkswap bad block check marked every block bad in O(n!)\n time on a good device New features were implemented :\n\n - mount now has --fake and --no-canonicalize options,\n required for the symlink security fixes. These were\n backported from mainline.\n\n - mount can now auto-detect and differentiate between\n squashfs3 and squashfs (v4) filesystems, allowing\n backward compatibility to the SUSE Linux Enterprise 11\n GA codebase.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=635393\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=651598\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=663385\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=666893\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=667215\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=668820\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2010-3879.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2011-0541.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2011-0543.html\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Apply SAT patch number 4095.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:N/I:P/A:P\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:11:fuse\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:11:libblkid1\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:11:libfuse2\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:11:libuuid-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:11:libuuid1\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:11:libuuid1-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:11:util-linux\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:11:util-linux-lang\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:11:uuid-runtime\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:suse_linux:11\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2011/03/02\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2011/03/31\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2011-2021 Tenable Network Security, Inc.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release !~ \"^(SLED|SLES)11\") audit(AUDIT_OS_NOT, \"SuSE 11\");\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (cpu !~ \"^i[3-6]86$\" && \"x86_64\" >!< cpu && \"s390x\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"SuSE 11\", cpu);\n\npl = get_kb_item(\"Host/SuSE/patchlevel\");\nif (isnull(pl) || int(pl) != 1) audit(AUDIT_OS_NOT, \"SuSE 11.1\");\n\n\nflag = 0;\nif (rpm_check(release:\"SLED11\", sp:1, cpu:\"i586\", reference:\"fuse-2.7.2-61.23.1\")) flag++;\nif (rpm_check(release:\"SLED11\", sp:1, cpu:\"i586\", reference:\"libblkid1-2.16-6.11.1\")) flag++;\nif (rpm_check(release:\"SLED11\", sp:1, cpu:\"i586\", reference:\"libfuse2-2.7.2-61.23.1\")) flag++;\nif (rpm_check(release:\"SLED11\", sp:1, cpu:\"i586\", reference:\"libuuid-devel-2.16-6.11.1\")) flag++;\nif (rpm_check(release:\"SLED11\", sp:1, cpu:\"i586\", reference:\"libuuid1-2.16-6.11.1\")) flag++;\nif (rpm_check(release:\"SLED11\", sp:1, cpu:\"i586\", reference:\"util-linux-2.16-6.11.1\")) flag++;\nif (rpm_check(release:\"SLED11\", sp:1, cpu:\"i586\", reference:\"util-linux-lang-2.16-6.11.1\")) flag++;\nif (rpm_check(release:\"SLED11\", sp:1, cpu:\"i586\", reference:\"uuid-runtime-2.16-6.11.1\")) flag++;\nif (rpm_check(release:\"SLED11\", sp:1, cpu:\"x86_64\", reference:\"fuse-2.7.2-61.23.1\")) flag++;\nif (rpm_check(release:\"SLED11\", sp:1, cpu:\"x86_64\", reference:\"libblkid1-2.16-6.11.1\")) flag++;\nif (rpm_check(release:\"SLED11\", sp:1, cpu:\"x86_64\", reference:\"libfuse2-2.7.2-61.23.1\")) flag++;\nif (rpm_check(release:\"SLED11\", sp:1, cpu:\"x86_64\", reference:\"libuuid-devel-2.16-6.11.1\")) flag++;\nif (rpm_check(release:\"SLED11\", sp:1, cpu:\"x86_64\", reference:\"libuuid1-2.16-6.11.1\")) flag++;\nif (rpm_check(release:\"SLED11\", sp:1, cpu:\"x86_64\", reference:\"libuuid1-32bit-2.16-6.11.1\")) flag++;\nif (rpm_check(release:\"SLED11\", sp:1, cpu:\"x86_64\", reference:\"util-linux-2.16-6.11.1\")) flag++;\nif (rpm_check(release:\"SLED11\", sp:1, cpu:\"x86_64\", reference:\"util-linux-lang-2.16-6.11.1\")) flag++;\nif (rpm_check(release:\"SLED11\", sp:1, cpu:\"x86_64\", reference:\"uuid-runtime-2.16-6.11.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:1, reference:\"fuse-2.7.2-61.23.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:1, reference:\"libblkid1-2.16-6.11.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:1, reference:\"libfuse2-2.7.2-61.23.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:1, reference:\"libuuid1-2.16-6.11.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:1, reference:\"util-linux-2.16-6.11.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:1, reference:\"util-linux-lang-2.16-6.11.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:1, reference:\"uuid-runtime-2.16-6.11.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:1, cpu:\"s390x\", reference:\"libuuid1-32bit-2.16-6.11.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:1, cpu:\"x86_64\", reference:\"libuuid1-32bit-2.16-6.11.1\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 5.8, "vector": "AV:N/AC:M/Au:N/C:N/I:P/A:P"}}, {"lastseen": "2023-01-11T14:29:40", "description": "Race conditions in fuse allowed unprivileged users to umount arbitrary mount points (CVE-2011-0541,CVE-2010-3879,CVE-2011-0543).", "cvss3": {}, "published": "2011-05-05T00:00:00", "type": "nessus", "title": "openSUSE Security Update : fuse (openSUSE-SU-2011:0265-1)", "bulletinFamily": "scanner", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "NONE", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 5.8, "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 4.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2010-3879", "CVE-2011-0541", "CVE-2011-0543"], "modified": "2021-01-14T00:00:00", "cpe": ["p-cpe:/a:novell:opensuse:fuse", "p-cpe:/a:novell:opensuse:fuse-devel", "p-cpe:/a:novell:opensuse:fuse-devel-static", "p-cpe:/a:novell:opensuse:libblkid-devel", "p-cpe:/a:novell:opensuse:libblkid-devel-32bit", "p-cpe:/a:novell:opensuse:libblkid1", "p-cpe:/a:novell:opensuse:libblkid1-32bit", "p-cpe:/a:novell:opensuse:libfuse2", "p-cpe:/a:novell:opensuse:libfuse2-32bit", "p-cpe:/a:novell:opensuse:libuuid-devel", "p-cpe:/a:novell:opensuse:libuuid-devel-32bit", "p-cpe:/a:novell:opensuse:libuuid1", "p-cpe:/a:novell:opensuse:libuuid1-32bit", "p-cpe:/a:novell:opensuse:util-linux", "p-cpe:/a:novell:opensuse:util-linux-lang", "p-cpe:/a:novell:opensuse:uuidd", "cpe:/o:novell:opensuse:11.2"], "id": "SUSE_11_2_FUSE-110228.NASL", "href": "https://www.tenable.com/plugins/nessus/53724", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from openSUSE Security Update fuse-4183.\n#\n# The text description of this plugin is (C) SUSE LLC.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(53724);\n script_version(\"1.6\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/14\");\n\n script_cve_id(\"CVE-2010-3879\", \"CVE-2011-0541\", \"CVE-2011-0543\");\n\n script_name(english:\"openSUSE Security Update : fuse (openSUSE-SU-2011:0265-1)\");\n script_summary(english:\"Check for the fuse-4183 patch\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote openSUSE host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Race conditions in fuse allowed unprivileged users to umount arbitrary\nmount points (CVE-2011-0541,CVE-2010-3879,CVE-2011-0543).\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=651598\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=668820\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://lists.opensuse.org/opensuse-updates/2011-03/msg00039.html\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected fuse packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:N/I:P/A:P\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:fuse\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:fuse-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:fuse-devel-static\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libblkid-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libblkid-devel-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libblkid1\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libblkid1-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libfuse2\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libfuse2-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libuuid-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libuuid-devel-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libuuid1\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libuuid1-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:util-linux\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:util-linux-lang\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:uuidd\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:opensuse:11.2\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2011/02/28\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2011/05/05\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2011-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release =~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"openSUSE\");\nif (release !~ \"^(SUSE11\\.2)$\") audit(AUDIT_OS_RELEASE_NOT, \"openSUSE\", \"11.2\", release);\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nourarch = get_kb_item(\"Host/cpu\");\nif (!ourarch) audit(AUDIT_UNKNOWN_ARCH);\nif (ourarch !~ \"^(i586|i686|x86_64)$\") audit(AUDIT_ARCH_NOT, \"i586 / i686 / x86_64\", ourarch);\n\nflag = 0;\n\nif ( rpm_check(release:\"SUSE11.2\", reference:\"fuse-2.7.4-3.8.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.2\", reference:\"fuse-devel-2.7.4-3.8.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.2\", reference:\"fuse-devel-static-2.7.4-3.8.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.2\", reference:\"libblkid-devel-2.16-4.6.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.2\", reference:\"libblkid1-2.16-4.6.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.2\", reference:\"libfuse2-2.7.4-3.8.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.2\", reference:\"libuuid-devel-2.16-4.6.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.2\", reference:\"libuuid1-2.16-4.6.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.2\", reference:\"util-linux-2.16-4.6.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.2\", reference:\"util-linux-lang-2.16-4.6.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.2\", reference:\"uuidd-2.16-4.6.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.2\", cpu:\"x86_64\", reference:\"libblkid-devel-32bit-2.16-4.6.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.2\", cpu:\"x86_64\", reference:\"libblkid1-32bit-2.16-4.6.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.2\", cpu:\"x86_64\", reference:\"libfuse2-32bit-2.7.4-3.8.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.2\", cpu:\"x86_64\", reference:\"libuuid-devel-32bit-2.16-4.6.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.2\", cpu:\"x86_64\", reference:\"libuuid1-32bit-2.16-4.6.1\") ) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"fuse / fuse-devel / fuse-devel-static / libblkid-devel / etc\");\n}\n", "cvss": {"score": 5.8, "vector": "AV:N/AC:M/Au:N/C:N/I:P/A:P"}}, {"lastseen": "2023-01-11T14:38:48", "description": "The following security issues were fixed in fuse :\n\n - FUSE allowed local users to create mtab entries with arbitrary pathnames, and consequently unmount any filesystem, via a symlink attack on the parent directory of the mountpoint of a FUSE filesystem. (CVE-2010-3879)\n\n - Avoid mounting a directory including evaluation of symlinks, which might have allowed local attackers to mount filesystems anywhere in the system.\n (CVE-2011-0541)\n\n - Avoid symlink attacks on the mount point written in the mtab file. (CVE-2011-0543)", "cvss3": {}, "published": "2011-12-13T00:00:00", "type": "nessus", "title": "SuSE 10 Security Update : fuse (ZYPP Patch Number 7418)", "bulletinFamily": "scanner", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "NONE", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 5.8, "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 4.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2010-3879", "CVE-2011-0541", "CVE-2011-0543"], "modified": "2021-01-19T00:00:00", "cpe": ["cpe:/o:suse:suse_linux"], "id": "SUSE_UTIL-LINUX-AND-FUSE-201103-7418.NASL", "href": "https://www.tenable.com/plugins/nessus/57257", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The text description of this plugin is (C) Novell, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(57257);\n script_version(\"1.5\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/19\");\n\n script_cve_id(\"CVE-2010-3879\", \"CVE-2011-0541\", \"CVE-2011-0543\");\n\n script_name(english:\"SuSE 10 Security Update : fuse (ZYPP Patch Number 7418)\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote SuSE 10 host is missing a security-related patch.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"The following security issues were fixed in fuse :\n\n - FUSE allowed local users to create mtab entries with\n arbitrary pathnames, and consequently unmount any\n filesystem, via a symlink attack on the parent directory\n of the mountpoint of a FUSE filesystem. (CVE-2010-3879)\n\n - Avoid mounting a directory including evaluation of\n symlinks, which might have allowed local attackers to\n mount filesystems anywhere in the system.\n (CVE-2011-0541)\n\n - Avoid symlink attacks on the mount point written in the\n mtab file. (CVE-2011-0543)\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2010-3879.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2011-0541.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2011-0543.html\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Apply ZYPP patch number 7418.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:N/I:P/A:P\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:suse:suse_linux\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2011/03/25\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2011/12/13\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2011-2021 Tenable Network Security, Inc.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) exit(0, \"Local checks are not enabled.\");\nif (!get_kb_item(\"Host/SuSE/release\")) exit(0, \"The host is not running SuSE.\");\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) exit(1, \"Could not obtain the list of installed packages.\");\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) exit(1, \"Failed to determine the architecture type.\");\nif (cpu >!< \"x86_64\" && cpu !~ \"^i[3-6]86$\") exit(1, \"Local checks for SuSE 10 on the '\"+cpu+\"' architecture have not been implemented.\");\n\n\nflag = 0;\nif (rpm_check(release:\"SLED10\", sp:4, reference:\"fuse-2.7.2-15.10.11.10\")) flag++;\nif (rpm_check(release:\"SLED10\", sp:4, reference:\"fuse-devel-2.7.2-15.10.11.10\")) flag++;\nif (rpm_check(release:\"SLED10\", sp:4, reference:\"libfuse2-2.7.2-15.10.11.10\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse exit(0, \"The host is not affected.\");\n", "cvss": {"score": 5.8, "vector": "AV:N/AC:M/Au:N/C:N/I:P/A:P"}}, {"lastseen": "2023-01-18T14:31:20", "description": "Race conditions in fuse allowed unprivileged users to umount arbitrary mount points (CVE-2011-0541,CVE-2010-3879,CVE-2011-0543).", "cvss3": {}, "published": "2014-06-13T00:00:00", "type": "nessus", "title": "openSUSE Security Update : fuse (openSUSE-SU-2011:0264-1)", "bulletinFamily": "scanner", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "NONE", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 5.8, "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 4.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2010-3879", "CVE-2011-0541", "CVE-2011-0543"], "modified": "2021-01-14T00:00:00", "cpe": ["p-cpe:/a:novell:opensuse:fuse", "p-cpe:/a:novell:opensuse:fuse-devel", "p-cpe:/a:novell:opensuse:fuse-devel-static", "p-cpe:/a:novell:opensuse:libblkid-devel", "p-cpe:/a:novell:opensuse:libblkid-devel-32bit", "p-cpe:/a:novell:opensuse:libblkid1", "p-cpe:/a:novell:opensuse:libblkid1-32bit", "p-cpe:/a:novell:opensuse:libfuse2", "p-cpe:/a:novell:opensuse:libfuse2-32bit", "p-cpe:/a:novell:opensuse:libuuid-devel", "p-cpe:/a:novell:opensuse:libuuid-devel-32bit", "p-cpe:/a:novell:opensuse:libuuid1", "p-cpe:/a:novell:opensuse:libuuid1-32bit", "p-cpe:/a:novell:opensuse:util-linux", "p-cpe:/a:novell:opensuse:util-linux-lang", "p-cpe:/a:novell:opensuse:uuidd", "cpe:/o:novell:opensuse:11.3"], "id": "SUSE_11_3_FUSE-110228.NASL", "href": "https://www.tenable.com/plugins/nessus/75508", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from openSUSE Security Update fuse-4184.\n#\n# The text description of this plugin is (C) SUSE LLC.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(75508);\n script_version(\"1.5\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/14\");\n\n script_cve_id(\"CVE-2010-3879\", \"CVE-2011-0541\", \"CVE-2011-0543\");\n\n script_name(english:\"openSUSE Security Update : fuse (openSUSE-SU-2011:0264-1)\");\n script_summary(english:\"Check for the fuse-4184 patch\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote openSUSE host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Race conditions in fuse allowed unprivileged users to umount arbitrary\nmount points (CVE-2011-0541,CVE-2010-3879,CVE-2011-0543).\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=651598\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=668820\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=670585\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://lists.opensuse.org/opensuse-updates/2011-03/msg00038.html\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected fuse packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:N/I:P/A:P\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:fuse\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:fuse-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:fuse-devel-static\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libblkid-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libblkid-devel-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libblkid1\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libblkid1-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libfuse2\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libfuse2-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libuuid-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libuuid-devel-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libuuid1\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libuuid1-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:util-linux\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:util-linux-lang\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:uuidd\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:opensuse:11.3\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2011/02/28\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2014/06/13\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2014-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release =~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"openSUSE\");\nif (release !~ \"^(SUSE11\\.3)$\") audit(AUDIT_OS_RELEASE_NOT, \"openSUSE\", \"11.3\", release);\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nourarch = get_kb_item(\"Host/cpu\");\nif (!ourarch) audit(AUDIT_UNKNOWN_ARCH);\nif (ourarch !~ \"^(i586|i686|x86_64)$\") audit(AUDIT_ARCH_NOT, \"i586 / i686 / x86_64\", ourarch);\n\nflag = 0;\n\nif ( rpm_check(release:\"SUSE11.3\", reference:\"fuse-2.8.5-2.7.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.3\", reference:\"fuse-devel-2.8.5-2.7.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.3\", reference:\"fuse-devel-static-2.8.5-2.7.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.3\", reference:\"libblkid-devel-2.17.2-6.3.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.3\", reference:\"libblkid1-2.17.2-6.3.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.3\", reference:\"libfuse2-2.8.5-2.7.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.3\", reference:\"libuuid-devel-2.17.2-6.3.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.3\", reference:\"libuuid1-2.17.2-6.3.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.3\", reference:\"util-linux-2.17.2-6.3.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.3\", reference:\"util-linux-lang-2.17.2-6.3.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.3\", reference:\"uuidd-2.17.2-6.3.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.3\", cpu:\"x86_64\", reference:\"libblkid-devel-32bit-2.17.2-6.3.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.3\", cpu:\"x86_64\", reference:\"libblkid1-32bit-2.17.2-6.3.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.3\", cpu:\"x86_64\", reference:\"libfuse2-32bit-2.8.5-2.7.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.3\", cpu:\"x86_64\", reference:\"libuuid-devel-32bit-2.17.2-6.3.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.3\", cpu:\"x86_64\", reference:\"libuuid1-32bit-2.17.2-6.3.1\") ) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"fuse / fuse-devel / fuse-devel-static / libblkid-devel / etc\");\n}\n", "cvss": {"score": 5.8, "vector": "AV:N/AC:M/Au:N/C:N/I:P/A:P"}}, {"lastseen": "2023-01-11T14:26:12", "description": "FUSE (Filesystem in Userspace) can implement a fully functional file system in a user-space program. These packages provide the mount utility, fusermount, the tool used to mount FUSE file systems.\n\nMultiple flaws were found in the way fusermount handled the mounting and unmounting of directories when symbolic links were present. A local user in the fuse group could use these flaws to unmount file systems, which they would otherwise not be able to unmount and that were not mounted using FUSE, via a symbolic link attack.\n(CVE-2010-3879, CVE-2011-0541, CVE-2011-0542, CVE-2011-0543)\n\nAll users should upgrade to these updated packages, which contain backported patches to correct these issues.", "cvss3": {}, "published": "2012-08-01T00:00:00", "type": "nessus", "title": "Scientific Linux Security Update : fuse on SL6.x i386/x86_64", "bulletinFamily": "scanner", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "NONE", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 5.8, "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 4.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2010-3879", "CVE-2011-0541", "CVE-2011-0542", "CVE-2011-0543"], "modified": "2021-01-14T00:00:00", "cpe": ["x-cpe:/o:fermilab:scientific_linux"], "id": "SL_20110720_FUSE_ON_SL6_X.NASL", "href": "https://www.tenable.com/plugins/nessus/61086", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text is (C) Scientific Linux.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(61086);\n script_version(\"1.5\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/14\");\n\n script_cve_id(\"CVE-2010-3879\");\n\n script_name(english:\"Scientific Linux Security Update : fuse on SL6.x i386/x86_64\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\n\"The remote Scientific Linux host is missing one or more security\nupdates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"FUSE (Filesystem in Userspace) can implement a fully functional file\nsystem in a user-space program. These packages provide the mount\nutility, fusermount, the tool used to mount FUSE file systems.\n\nMultiple flaws were found in the way fusermount handled the mounting\nand unmounting of directories when symbolic links were present. A\nlocal user in the fuse group could use these flaws to unmount file\nsystems, which they would otherwise not be able to unmount and that\nwere not mounted using FUSE, via a symbolic link attack.\n(CVE-2010-3879, CVE-2011-0541, CVE-2011-0542, CVE-2011-0543)\n\nAll users should upgrade to these updated packages, which contain\nbackported patches to correct these issues.\"\n );\n # https://listserv.fnal.gov/scripts/wa.exe?A2=ind1107&L=scientific-linux-errata&T=0&P=1447\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?51ceb0c0\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:N/I:P/A:P\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"x-cpe:/o:fermilab:scientific_linux\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2011/07/20\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2012/08/01\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2012-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Scientific Linux Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Scientific Linux \" >!< release) audit(AUDIT_HOST_NOT, \"running Scientific Linux\");\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (cpu >!< \"x86_64\" && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Scientific Linux\", cpu);\n\n\nflag = 0;\nif (rpm_check(release:\"SL6\", reference:\"fuse-2.8.3-3.el6_1\")) flag++;\nif (rpm_check(release:\"SL6\", reference:\"fuse-debuginfo-2.8.3-3.el6_1\")) flag++;\nif (rpm_check(release:\"SL6\", reference:\"fuse-devel-2.8.3-3.el6_1\")) flag++;\nif (rpm_check(release:\"SL6\", reference:\"fuse-libs-2.8.3-3.el6_1\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 5.8, "vector": "AV:N/AC:M/Au:N/C:N/I:P/A:P"}}, {"lastseen": "2023-01-11T14:50:23", "description": "From Red Hat Security Advisory 2011:1083 :\n\nUpdated fuse packages that fix multiple security issues are now available for Red Hat Enterprise Linux 6.\n\nThe Red Hat Security Response Team has rated this update as having moderate security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section.\n\nFUSE (Filesystem in Userspace) can implement a fully functional file system in a user-space program. These packages provide the mount utility, fusermount, the tool used to mount FUSE file systems.\n\nMultiple flaws were found in the way fusermount handled the mounting and unmounting of directories when symbolic links were present. A local user in the fuse group could use these flaws to unmount file systems, which they would otherwise not be able to unmount and that were not mounted using FUSE, via a symbolic link attack.\n(CVE-2010-3879, CVE-2011-0541, CVE-2011-0542, CVE-2011-0543)\n\nNote: The util-linux-ng RHBA-2011:0699 update must also be installed to fully correct the above flaws.\n\nAll users should upgrade to these updated packages, which contain backported patches to correct these issues.", "cvss3": {}, "published": "2013-07-12T00:00:00", "type": "nessus", "title": "Oracle Linux 6 : fuse (ELSA-2011-1083)", "bulletinFamily": "scanner", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "NONE", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 5.8, "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 4.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2010-3879", "CVE-2011-0541", "CVE-2011-0542", "CVE-2011-0543"], "modified": "2021-01-14T00:00:00", "cpe": ["p-cpe:/a:oracle:linux:fuse", "p-cpe:/a:oracle:linux:fuse-devel", "p-cpe:/a:oracle:linux:fuse-libs", "cpe:/o:oracle:linux:6"], "id": "ORACLELINUX_ELSA-2011-1083.NASL", "href": "https://www.tenable.com/plugins/nessus/68309", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Red Hat Security Advisory RHSA-2011:1083 and \n# Oracle Linux Security Advisory ELSA-2011-1083 respectively.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(68309);\n script_version(\"1.9\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/14\");\n\n script_cve_id(\"CVE-2010-3879\", \"CVE-2011-0541\", \"CVE-2011-0542\", \"CVE-2011-0543\");\n script_bugtraq_id(44623, 46103);\n script_xref(name:\"RHSA\", value:\"2011:1083\");\n\n script_name(english:\"Oracle Linux 6 : fuse (ELSA-2011-1083)\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Oracle Linux host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"From Red Hat Security Advisory 2011:1083 :\n\nUpdated fuse packages that fix multiple security issues are now\navailable for Red Hat Enterprise Linux 6.\n\nThe Red Hat Security Response Team has rated this update as having\nmoderate security impact. Common Vulnerability Scoring System (CVSS)\nbase scores, which give detailed severity ratings, are available for\neach vulnerability from the CVE links in the References section.\n\nFUSE (Filesystem in Userspace) can implement a fully functional file\nsystem in a user-space program. These packages provide the mount\nutility, fusermount, the tool used to mount FUSE file systems.\n\nMultiple flaws were found in the way fusermount handled the mounting\nand unmounting of directories when symbolic links were present. A\nlocal user in the fuse group could use these flaws to unmount file\nsystems, which they would otherwise not be able to unmount and that\nwere not mounted using FUSE, via a symbolic link attack.\n(CVE-2010-3879, CVE-2011-0541, CVE-2011-0542, CVE-2011-0543)\n\nNote: The util-linux-ng RHBA-2011:0699 update must also be installed\nto fully correct the above flaws.\n\nAll users should upgrade to these updated packages, which contain\nbackported patches to correct these issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://oss.oracle.com/pipermail/el-errata/2011-July/002237.html\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected fuse packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:N/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:ND\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:fuse\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:fuse-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:fuse-libs\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:oracle:linux:6\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2011/01/22\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2011/07/21\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2013/07/12\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2013-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Oracle Linux Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/OracleLinux\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/OracleLinux\")) audit(AUDIT_OS_NOT, \"Oracle Linux\");\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || !pregmatch(pattern: \"Oracle (?:Linux Server|Enterprise Linux)\", string:release)) audit(AUDIT_OS_NOT, \"Oracle Linux\");\nos_ver = pregmatch(pattern: \"Oracle (?:Linux Server|Enterprise Linux) .*release ([0-9]+(\\.[0-9]+)?)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Oracle Linux\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^6([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Oracle Linux 6\", \"Oracle Linux \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Oracle Linux\", cpu);\n\nflag = 0;\nif (rpm_check(release:\"EL6\", reference:\"fuse-2.8.3-3.el6_1\")) flag++;\nif (rpm_check(release:\"EL6\", reference:\"fuse-devel-2.8.3-3.el6_1\")) flag++;\nif (rpm_check(release:\"EL6\", reference:\"fuse-libs-2.8.3-3.el6_1\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"fuse / fuse-devel / fuse-libs\");\n}\n", "cvss": {"score": 5.8, "vector": "AV:N/AC:M/Au:N/C:N/I:P/A:P"}}, {"lastseen": "2023-01-11T14:23:02", "description": "It was discovered that FUSE would incorrectly follow symlinks when checking mountpoints under certain conditions. A local attacker, with access to use FUSE, could unmount arbitrary locations, leading to a denial of service.\n\nNote that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {}, "published": "2011-03-01T00:00:00", "type": "nessus", "title": "Ubuntu 8.04 LTS / 9.10 / 10.04 LTS / 10.10 : fuse vulnerabilities (USN-1077-1)", "bulletinFamily": "scanner", "cvss2": {"severity": "LOW", "exploitabilityScore": 3.4, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "NONE", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 3.3, "vectorString": "AV:L/AC:M/Au:N/C:N/I:P/A:P", "version": "2.0", "accessVector": "LOCAL", "authentication": "NONE"}, "impactScore": 4.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2010-0789", "CVE-2011-0541", "CVE-2011-0542", "CVE-2011-0543"], "modified": "2019-09-19T00:00:00", "cpe": ["p-cpe:/a:canonical:ubuntu_linux:fuse-source", "p-cpe:/a:canonical:ubuntu_linux:fuse-utils", "p-cpe:/a:canonical:ubuntu_linux:libfuse-dev", "p-cpe:/a:canonical:ubuntu_linux:libfuse2", "cpe:/o:canonical:ubuntu_linux:10.04:-:lts", "cpe:/o:canonical:ubuntu_linux:10.10", "cpe:/o:canonical:ubuntu_linux:8.04:-:lts", "cpe:/o:canonical:ubuntu_linux:9.10"], "id": "UBUNTU_USN-1077-1.NASL", "href": "https://www.tenable.com/plugins/nessus/52479", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Ubuntu Security Notice USN-1077-1. The text \n# itself is copyright (C) Canonical, Inc. See \n# <http://www.ubuntu.com/usn/>. Ubuntu(R) is a registered \n# trademark of Canonical, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(52479);\n script_version(\"1.11\");\n script_cvs_date(\"Date: 2019/09/19 12:54:26\");\n\n script_cve_id(\"CVE-2010-0789\", \"CVE-2011-0541\", \"CVE-2011-0542\", \"CVE-2011-0543\");\n script_bugtraq_id(37983, 46103);\n script_xref(name:\"USN\", value:\"1077-1\");\n\n script_name(english:\"Ubuntu 8.04 LTS / 9.10 / 10.04 LTS / 10.10 : fuse vulnerabilities (USN-1077-1)\");\n script_summary(english:\"Checks dpkg output for updated packages.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\n\"The remote Ubuntu host is missing one or more security-related\npatches.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"It was discovered that FUSE would incorrectly follow symlinks when\nchecking mountpoints under certain conditions. A local attacker, with\naccess to use FUSE, could unmount arbitrary locations, leading to a\ndenial of service.\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Ubuntu security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://usn.ubuntu.com/1077-1/\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:M/Au:N/C:N/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n script_cwe_id(59);\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:fuse-source\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:fuse-utils\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:libfuse-dev\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:libfuse2\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:10.04:-:lts\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:10.10\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:8.04:-:lts\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:9.10\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2010/03/02\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2011/02/28\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2011/03/01\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"Ubuntu Security Notice (C) 2011-2019 Canonical, Inc. / NASL script (C) 2011-2019 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Ubuntu Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/cpu\", \"Host/Ubuntu\", \"Host/Ubuntu/release\", \"Host/Debian/dpkg-l\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"ubuntu.inc\");\ninclude(\"misc_func.inc\");\n\nif ( ! get_kb_item(\"Host/local_checks_enabled\") ) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/Ubuntu/release\");\nif ( isnull(release) ) audit(AUDIT_OS_NOT, \"Ubuntu\");\nrelease = chomp(release);\nif (! preg(pattern:\"^(8\\.04|9\\.10|10\\.04|10\\.10)$\", string:release)) audit(AUDIT_OS_NOT, \"Ubuntu 8.04 / 9.10 / 10.04 / 10.10\", \"Ubuntu \" + release);\nif ( ! get_kb_item(\"Host/Debian/dpkg-l\") ) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Ubuntu\", cpu);\n\nflag = 0;\n\nif (ubuntu_check(osver:\"8.04\", pkgname:\"fuse-source\", pkgver:\"2.7.2-1ubuntu2.3\")) flag++;\nif (ubuntu_check(osver:\"8.04\", pkgname:\"fuse-utils\", pkgver:\"2.7.2-1ubuntu2.3\")) flag++;\nif (ubuntu_check(osver:\"8.04\", pkgname:\"libfuse-dev\", pkgver:\"2.7.2-1ubuntu2.3\")) flag++;\nif (ubuntu_check(osver:\"8.04\", pkgname:\"libfuse2\", pkgver:\"2.7.2-1ubuntu2.3\")) flag++;\nif (ubuntu_check(osver:\"9.10\", pkgname:\"fuse-utils\", pkgver:\"2.7.4-1.1ubuntu4.5\")) flag++;\nif (ubuntu_check(osver:\"9.10\", pkgname:\"libfuse-dev\", pkgver:\"2.7.4-1.1ubuntu4.5\")) flag++;\nif (ubuntu_check(osver:\"9.10\", pkgname:\"libfuse2\", pkgver:\"2.7.4-1.1ubuntu4.5\")) flag++;\nif (ubuntu_check(osver:\"10.04\", pkgname:\"fuse-utils\", pkgver:\"2.8.1-1.1ubuntu3.1\")) flag++;\nif (ubuntu_check(osver:\"10.04\", pkgname:\"libfuse-dev\", pkgver:\"2.8.1-1.1ubuntu3.1\")) flag++;\nif (ubuntu_check(osver:\"10.04\", pkgname:\"libfuse2\", pkgver:\"2.8.1-1.1ubuntu3.1\")) flag++;\nif (ubuntu_check(osver:\"10.10\", pkgname:\"fuse-utils\", pkgver:\"2.8.4-1ubuntu1.3\")) flag++;\nif (ubuntu_check(osver:\"10.10\", pkgname:\"libfuse-dev\", pkgver:\"2.8.4-1ubuntu1.3\")) flag++;\nif (ubuntu_check(osver:\"10.10\", pkgname:\"libfuse2\", pkgver:\"2.8.4-1ubuntu1.3\")) flag++;\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_NOTE,\n extra : ubuntu_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = ubuntu_pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"fuse-source / fuse-utils / libfuse-dev / libfuse2\");\n}\n", "cvss": {"score": 3.3, "vector": "AV:L/AC:M/Au:N/C:N/I:P/A:P"}}, {"lastseen": "2023-01-11T14:34:19", "description": "Updated fuse packages that fix multiple security issues are now available for Red Hat Enterprise Linux 6.\n\nThe Red Hat Security Response Team has rated this update as having moderate security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section.\n\nFUSE (Filesystem in Userspace) can implement a fully functional file system in a user-space program. These packages provide the mount utility, fusermount, the tool used to mount FUSE file systems.\n\nMultiple flaws were found in the way fusermount handled the mounting and unmounting of directories when symbolic links were present. A local user in the fuse group could use these flaws to unmount file systems, which they would otherwise not be able to unmount and that were not mounted using FUSE, via a symbolic link attack.\n(CVE-2010-3879, CVE-2011-0541, CVE-2011-0542, CVE-2011-0543)\n\nNote: The util-linux-ng RHBA-2011:0699 update must also be installed to fully correct the above flaws.\n\nAll users should upgrade to these updated packages, which contain backported patches to correct these issues.", "cvss3": {}, "published": "2011-07-21T00:00:00", "type": "nessus", "title": "RHEL 6 : fuse (RHSA-2011:1083)", "bulletinFamily": "scanner", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "NONE", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 5.8, "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 4.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2010-3879", "CVE-2011-0541", "CVE-2011-0542", "CVE-2011-0543"], "modified": "2021-01-14T00:00:00", "cpe": ["p-cpe:/a:redhat:enterprise_linux:fuse", "p-cpe:/a:redhat:enterprise_linux:fuse-debuginfo", "p-cpe:/a:redhat:enterprise_linux:fuse-devel", "p-cpe:/a:redhat:enterprise_linux:fuse-libs", "cpe:/o:redhat:enterprise_linux:6", "cpe:/o:redhat:enterprise_linux:6.1"], "id": "REDHAT-RHSA-2011-1083.NASL", "href": "https://www.tenable.com/plugins/nessus/55635", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Red Hat Security Advisory RHSA-2011:1083. The text \n# itself is copyright (C) Red Hat, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(55635);\n script_version(\"1.18\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/14\");\n\n script_cve_id(\"CVE-2010-3879\", \"CVE-2011-0541\", \"CVE-2011-0542\", \"CVE-2011-0543\");\n script_bugtraq_id(44623, 46103);\n script_xref(name:\"RHSA\", value:\"2011:1083\");\n\n script_name(english:\"RHEL 6 : fuse (RHSA-2011:1083)\");\n script_summary(english:\"Checks the rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Red Hat host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Updated fuse packages that fix multiple security issues are now\navailable for Red Hat Enterprise Linux 6.\n\nThe Red Hat Security Response Team has rated this update as having\nmoderate security impact. Common Vulnerability Scoring System (CVSS)\nbase scores, which give detailed severity ratings, are available for\neach vulnerability from the CVE links in the References section.\n\nFUSE (Filesystem in Userspace) can implement a fully functional file\nsystem in a user-space program. These packages provide the mount\nutility, fusermount, the tool used to mount FUSE file systems.\n\nMultiple flaws were found in the way fusermount handled the mounting\nand unmounting of directories when symbolic links were present. A\nlocal user in the fuse group could use these flaws to unmount file\nsystems, which they would otherwise not be able to unmount and that\nwere not mounted using FUSE, via a symbolic link attack.\n(CVE-2010-3879, CVE-2011-0541, CVE-2011-0542, CVE-2011-0543)\n\nNote: The util-linux-ng RHBA-2011:0699 update must also be installed\nto fully correct the above flaws.\n\nAll users should upgrade to these updated packages, which contain\nbackported patches to correct these issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2010-3879\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2011-0541\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2011-0542\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2011-0543\"\n );\n # https://rhn.redhat.com/errata/RHBA-2011-0699.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/errata/RHBA-2011:0699\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/errata/RHSA-2011:1083\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:N/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:ND\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:fuse\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:fuse-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:fuse-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:fuse-libs\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:6\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:6.1\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2011/01/22\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2011/07/20\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2011/07/21\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2011-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Red Hat Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"misc_func.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Red Hat\" >!< release) audit(AUDIT_OS_NOT, \"Red Hat\");\nos_ver = pregmatch(pattern: \"Red Hat Enterprise Linux.*release ([0-9]+(\\.[0-9]+)?)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Red Hat\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^6([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Red Hat 6.x\", \"Red Hat \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\" && \"s390\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Red Hat\", cpu);\n\nyum_updateinfo = get_kb_item(\"Host/RedHat/yum-updateinfo\");\nif (!empty_or_null(yum_updateinfo)) \n{\n rhsa = \"RHSA-2011:1083\";\n yum_report = redhat_generate_yum_updateinfo_report(rhsa:rhsa);\n if (!empty_or_null(yum_report))\n {\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : yum_report \n );\n exit(0);\n }\n else\n {\n audit_message = \"affected by Red Hat security advisory \" + rhsa;\n audit(AUDIT_OS_NOT, audit_message);\n }\n}\nelse\n{\n flag = 0;\n if (rpm_check(release:\"RHEL6\", cpu:\"i686\", reference:\"fuse-2.8.3-3.el6_1\")) flag++;\n\n if (rpm_check(release:\"RHEL6\", cpu:\"s390x\", reference:\"fuse-2.8.3-3.el6_1\")) flag++;\n\n if (rpm_check(release:\"RHEL6\", cpu:\"x86_64\", reference:\"fuse-2.8.3-3.el6_1\")) flag++;\n\n if (rpm_check(release:\"RHEL6\", reference:\"fuse-debuginfo-2.8.3-3.el6_1\")) flag++;\n\n if (rpm_check(release:\"RHEL6\", reference:\"fuse-devel-2.8.3-3.el6_1\")) flag++;\n\n if (rpm_check(release:\"RHEL6\", reference:\"fuse-libs-2.8.3-3.el6_1\")) flag++;\n\n\n if (flag)\n {\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : rpm_report_get() + redhat_report_package_caveat()\n );\n exit(0);\n }\n else\n {\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"fuse / fuse-debuginfo / fuse-devel / fuse-libs\");\n }\n}\n", "cvss": {"score": 5.8, "vector": "AV:N/AC:M/Au:N/C:N/I:P/A:P"}}], "securityvulns": [{"lastseen": "2018-08-31T11:09:41", "description": "It's possible to unmount arbitrary directories.", "edition": 1, "cvss3": {}, "published": "2011-03-01T00:00:00", "type": "securityvulns", "title": "FUSE symbolic links vulnerability", "bulletinFamily": "software", "cvss2": {"severity": "LOW", "exploitabilityScore": 3.4, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "NONE", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 3.3, "vectorString": "AV:L/AC:M/Au:N/C:N/I:P/A:P", "version": "2.0", "accessVector": "LOCAL", "authentication": "NONE"}, "impactScore": 4.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2011-0542", "CVE-2011-0543", "CVE-2011-0541"], "modified": "2011-03-01T00:00:00", "id": "SECURITYVULNS:VULN:11475", "href": "https://vulners.com/securityvulns/SECURITYVULNS:VULN:11475", "sourceData": "", "cvss": {"score": 3.3, "vector": "AV:LOCAL/AC:MEDIUM/Au:NONE/C:NONE/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2018-08-31T11:10:39", "description": "===========================================================\r\nUbuntu Security Notice USN-1077-1 February 28, 2011\r\nfuse vulnerabilities\r\nCVE-2009-3297, CVE-2011-0541, CVE-2011-0542, CVE-2011-0543\r\n===========================================================\r\n\r\nA security issue affects the following Ubuntu releases:\r\n\r\nUbuntu 8.04 LTS\r\nUbuntu 9.10\r\nUbuntu 10.04 LTS\r\nUbuntu 10.10\r\n\r\nThis advisory also applies to the corresponding versions of\r\nKubuntu, Edubuntu, and Xubuntu.\r\n\r\nThe problem can be corrected by upgrading your system to the\r\nfollowing package versions:\r\n\r\nUbuntu 8.04 LTS:\r\n fuse-utils 2.7.2-1ubuntu2.3\r\n\r\nUbuntu 9.10:\r\n fuse-utils 2.7.4-1.1ubuntu4.5\r\n\r\nUbuntu 10.04 LTS:\r\n fuse-utils 2.8.1-1.1ubuntu3.1\r\n\r\nUbuntu 10.10:\r\n fuse-utils 2.8.4-1ubuntu1.3\r\n\r\nIn general, a standard system update will make all the necessary changes.\r\n\r\nDetails follow:\r\n\r\nIt was discovered that FUSE would incorrectly follow symlinks when checking\r\nmountpoints under certain conditions. A local attacker, with access to use\r\nFUSE, could unmount arbitrary locations, leading to a denial of service.\r\n\r\n\r\nUpdated packages for Ubuntu 8.04 LTS:\r\n\r\n Source archives:\r\n\r\n http://security.ubuntu.com/ubuntu/pool/main/f/fuse/fuse_2.7.2-1ubuntu2.3.diff.gz\r\n Size/MD5: 24330 d6ef479dae54fbe76fa652c172239905\r\n http://security.ubuntu.com/ubuntu/pool/main/f/fuse/fuse_2.7.2-1ubuntu2.3.dsc\r\n Size/MD5: 1551 a078e7da97c67a2e8932974152daa1d2\r\n http://security.ubuntu.com/ubuntu/pool/main/f/fuse/fuse_2.7.2.orig.tar.gz\r\n Size/MD5: 505855 813782a4f23211386c1ea91dc0ac7ded\r\n\r\n Architecture independent packages:\r\n\r\n http://security.ubuntu.com/ubuntu/pool/universe/f/fuse/fuse-source_2.7.2-1ubuntu2.3_all.deb\r\n Size/MD5: 191676 b3f6c0093d178ce8e76f6592803ec8a7\r\n\r\n amd64 architecture (Athlon64, Opteron, EM64T Xeon):\r\n\r\n http://security.ubuntu.com/ubuntu/pool/main/f/fuse/fuse-utils-udeb_2.7.2-1ubuntu2.3_amd64.udeb\r\n Size/MD5: 19762 3dbb99bb10afa5e8580639d41309ca3d\r\n http://security.ubuntu.com/ubuntu/pool/main/f/fuse/fuse-utils_2.7.2-1ubuntu2.3_amd64.deb\r\n Size/MD5: 23064 ed4e1f161d2018dbce11fad969ce4b39\r\n http://security.ubuntu.com/ubuntu/pool/main/f/fuse/libfuse-dev_2.7.2-1ubuntu2.3_amd64.deb\r\n Size/MD5: 167036 1bd5f2ffdeb23a251939d6600fabe96e\r\n http://security.ubuntu.com/ubuntu/pool/main/f/fuse/libfuse2-udeb_2.7.2-1ubuntu2.3_amd64.udeb\r\n Size/MD5: 55546 6ddebf5875a60a59182109ec0630f913\r\n http://security.ubuntu.com/ubuntu/pool/main/f/fuse/libfuse2_2.7.2-1ubuntu2.3_amd64.deb\r\n Size/MD5: 131644 90a5e215cdc19c862fcfa075d9f0e541\r\n\r\n i386 architecture (x86 compatible Intel/AMD):\r\n\r\n http://security.ubuntu.com/ubuntu/pool/main/f/fuse/fuse-utils-udeb_2.7.2-1ubuntu2.3_i386.udeb\r\n Size/MD5: 17826 66d83ca40fb67c83e05d1a44a8622426\r\n http://security.ubuntu.com/ubuntu/pool/main/f/fuse/fuse-utils_2.7.2-1ubuntu2.3_i386.deb\r\n Size/MD5: 21102 9297e1368899103d96d48392b4b4dc8c\r\n http://security.ubuntu.com/ubuntu/pool/main/f/fuse/libfuse-dev_2.7.2-1ubuntu2.3_i386.deb\r\n Size/MD5: 155542 b17c48ef18df2d52c7d91623c2e707c9\r\n http://security.ubuntu.com/ubuntu/pool/main/f/fuse/libfuse2-udeb_2.7.2-1ubuntu2.3_i386.udeb\r\n Size/MD5: 49892 5e8748580b4d8ec1c37ee97d00b101e0\r\n http://security.ubuntu.com/ubuntu/pool/main/f/fuse/libfuse2_2.7.2-1ubuntu2.3_i386.deb\r\n Size/MD5: 125352 25ed0a8c070abc4b9345b1bf254c6db9\r\n\r\n lpia architecture (Low Power Intel Architecture):\r\n\r\n http://ports.ubuntu.com/pool/main/f/fuse/fuse-utils-udeb_2.7.2-1ubuntu2.3_lpia.udeb\r\n Size/MD5: 17862 d147f034c63b04aaeffd083ff30e5445\r\n http://ports.ubuntu.com/pool/main/f/fuse/fuse-utils_2.7.2-1ubuntu2.3_lpia.deb\r\n Size/MD5: 21138 bcc85dc0d9aa1973ead2c86f73be5a2a\r\n http://ports.ubuntu.com/pool/main/f/fuse/libfuse-dev_2.7.2-1ubuntu2.3_lpia.deb\r\n Size/MD5: 155216 4ad62bef3195f4a87a418514fd0d644e\r\n http://ports.ubuntu.com/pool/main/f/fuse/libfuse2-udeb_2.7.2-1ubuntu2.3_lpia.udeb\r\n Size/MD5: 48880 23b7a60d3980bace5fb73e3a8cbfe0fb\r\n http://ports.ubuntu.com/pool/main/f/fuse/libfuse2_2.7.2-1ubuntu2.3_lpia.deb\r\n Size/MD5: 124416 88d4c437a14924d9f216af6f80c7e0cc\r\n\r\n powerpc architecture (Apple Macintosh G3/G4/G5):\r\n\r\n http://ports.ubuntu.com/pool/main/f/fuse/fuse-utils-udeb_2.7.2-1ubuntu2.3_powerpc.udeb\r\n Size/MD5: 20450 e8129436745cdb1ea94003ed147fb1df\r\n http://ports.ubuntu.com/pool/main/f/fuse/fuse-utils_2.7.2-1ubuntu2.3_powerpc.deb\r\n Size/MD5: 23738 c46e9a8f48acabfbbd91cbeb3c50da22\r\n http://ports.ubuntu.com/pool/main/f/fuse/libfuse-dev_2.7.2-1ubuntu2.3_powerpc.deb\r\n Size/MD5: 164144 7d444b274b9804b7a4e15071a10c69ae\r\n http://ports.ubuntu.com/pool/main/f/fuse/libfuse2-udeb_2.7.2-1ubuntu2.3_powerpc.udeb\r\n Size/MD5: 56026 6755a969f53d79606407ebf7d2103010\r\n http://ports.ubuntu.com/pool/main/f/fuse/libfuse2_2.7.2-1ubuntu2.3_powerpc.deb\r\n Size/MD5: 131934 2127225883583b481e7bc0266b257d1a\r\n\r\n sparc architecture (Sun SPARC/UltraSPARC):\r\n\r\n http://ports.ubuntu.com/pool/main/f/fuse/fuse-utils-udeb_2.7.2-1ubuntu2.3_sparc.udeb\r\n Size/MD5: 18230 002d99fb23af61dfead1790116c89b8a\r\n http://ports.ubuntu.com/pool/main/f/fuse/fuse-utils_2.7.2-1ubuntu2.3_sparc.deb\r\n Size/MD5: 21514 64e1f98b93d4ac7af57b745d4131202f\r\n http://ports.ubuntu.com/pool/main/f/fuse/libfuse-dev_2.7.2-1ubuntu2.3_sparc.deb\r\n Size/MD5: 155656 b9703b6b2f10f71d0f9bffe048914856\r\n http://ports.ubuntu.com/pool/main/f/fuse/libfuse2-udeb_2.7.2-1ubuntu2.3_sparc.udeb\r\n Size/MD5: 45436 5083f3b6e9f5f3de6e97cfb514e53b9d\r\n http://ports.ubuntu.com/pool/main/f/fuse/libfuse2_2.7.2-1ubuntu2.3_sparc.deb\r\n Size/MD5: 121228 15ebefbf649fb37f95e2a6c1943834e9\r\n\r\nUpdated packages for Ubuntu 9.10:\r\n\r\n Source archives:\r\n\r\n http://security.ubuntu.com/ubuntu/pool/main/f/fuse/fuse_2.7.4-1.1ubuntu4.5.diff.gz\r\n Size/MD5: 24833 9c049def4fb7fd4ce94dd7c8e0921ccb\r\n http://security.ubuntu.com/ubuntu/pool/main/f/fuse/fuse_2.7.4-1.1ubuntu4.5.dsc\r\n Size/MD5: 1930 6a18591fb326138efd34c2593764af64\r\n http://security.ubuntu.com/ubuntu/pool/main/f/fuse/fuse_2.7.4.orig.tar.gz\r\n Size/MD5: 506658 4879f06570d2225667534c37fea04213\r\n\r\n amd64 architecture (Athlon64, Opteron, EM64T Xeon):\r\n\r\n http://security.ubuntu.com/ubuntu/pool/main/f/fuse/fuse-utils-udeb_2.7.4-1.1ubuntu4.5_amd64.udeb\r\n Size/MD5: 20102 3ff07a24fe6f515a4e7cbd4ddf45ff63\r\n http://security.ubuntu.com/ubuntu/pool/main/f/fuse/fuse-utils_2.7.4-1.1ubuntu4.5_amd64.deb\r\n Size/MD5: 23914 05de56ae792d86d17d73f484f0fc82af\r\n http://security.ubuntu.com/ubuntu/pool/main/f/fuse/libfuse-dev_2.7.4-1.1ubuntu4.5_amd64.deb\r\n Size/MD5: 169654 b56d95524c43fbbe1f1b099ebfbba7dc\r\n http://security.ubuntu.com/ubuntu/pool/main/f/fuse/libfuse2-udeb_2.7.4-1.1ubuntu4.5_amd64.udeb\r\n Size/MD5: 57422 8c408b1fa6e1904bf8503902f67d8f08\r\n http://security.ubuntu.com/ubuntu/pool/main/f/fuse/libfuse2_2.7.4-1.1ubuntu4.5_amd64.deb\r\n Size/MD5: 135362 d4d9cef8269364552d181b4e1b0016a1\r\n\r\n i386 architecture (x86 compatible Intel/AMD):\r\n\r\n http://security.ubuntu.com/ubuntu/pool/main/f/fuse/fuse-utils-udeb_2.7.4-1.1ubuntu4.5_i386.udeb\r\n Size/MD5: 17950 2fad843873d07539540144795a387342\r\n http://security.ubuntu.com/ubuntu/pool/main/f/fuse/fuse-utils_2.7.4-1.1ubuntu4.5_i386.deb\r\n Size/MD5: 21840 2ce71bc498b7396ee53d26c065d835a0\r\n http://security.ubuntu.com/ubuntu/pool/main/f/fuse/libfuse-dev_2.7.4-1.1ubuntu4.5_i386.deb\r\n Size/MD5: 160342 6a7fc6b147467dc7816df6b58ef92d49\r\n http://security.ubuntu.com/ubuntu/pool/main/f/fuse/libfuse2-udeb_2.7.4-1.1ubuntu4.5_i386.udeb\r\n Size/MD5: 52454 51aa918d74b7bbb7c2a8e02235b64987\r\n http://security.ubuntu.com/ubuntu/pool/main/f/fuse/libfuse2_2.7.4-1.1ubuntu4.5_i386.deb\r\n Size/MD5: 130032 6e2c9ef971f927a1892c9cf5f869301b\r\n\r\n armel architecture (ARM Architecture):\r\n\r\n http://ports.ubuntu.com/pool/main/f/fuse/fuse-utils-udeb_2.7.4-1.1ubuntu4.5_armel.udeb\r\n Size/MD5: 17238 5857d07831ee66c7cbc362b912df2533\r\n http://ports.ubuntu.com/pool/main/f/fuse/fuse-utils_2.7.4-1.1ubuntu4.5_armel.deb\r\n Size/MD5: 21040 a42f5f65cd073af460659d4c137aa529\r\n http://ports.ubuntu.com/pool/main/f/fuse/libfuse-dev_2.7.4-1.1ubuntu4.5_armel.deb\r\n Size/MD5: 160052 9229a1a84471682ec45f82830263c55c\r\n http://ports.ubuntu.com/pool/main/f/fuse/libfuse2-udeb_2.7.4-1.1ubuntu4.5_armel.udeb\r\n Size/MD5: 47668 9cdfc5a225a364f75de796292ac59bed\r\n http://ports.ubuntu.com/pool/main/f/fuse/libfuse2_2.7.4-1.1ubuntu4.5_armel.deb\r\n Size/MD5: 125520 95fc58d407dead9c020a5fd515afdce6\r\n\r\n lpia architecture (Low Power Intel Architecture):\r\n\r\n http://ports.ubuntu.com/pool/main/f/fuse/fuse-utils-udeb_2.7.4-1.1ubuntu4.5_lpia.udeb\r\n Size/MD5: 17744 886ddfee4a0f3b942e2cf601cd7b6ab8\r\n http://ports.ubuntu.com/pool/main/f/fuse/fuse-utils_2.7.4-1.1ubuntu4.5_lpia.deb\r\n Size/MD5: 21530 2cca706891edaf4da8c06e055e772987\r\n http://ports.ubuntu.com/pool/main/f/fuse/libfuse-dev_2.7.4-1.1ubuntu4.5_lpia.deb\r\n Size/MD5: 159716 a3d250ecf64cfeaa04af0163bd4990c8\r\n http://ports.ubuntu.com/pool/main/f/fuse/libfuse2-udeb_2.7.4-1.1ubuntu4.5_lpia.udeb\r\n Size/MD5: 51640 1d487a223cf2bca0aa32ed7a1ef5a21b\r\n http://ports.ubuntu.com/pool/main/f/fuse/libfuse2_2.7.4-1.1ubuntu4.5_lpia.deb\r\n Size/MD5: 129392 3b4e3c8d0307b5ad4f6c18f04b7e5266\r\n\r\n powerpc architecture (Apple Macintosh G3/G4/G5):\r\n\r\n http://ports.ubuntu.com/pool/main/f/fuse/fuse-utils-udeb_2.7.4-1.1ubuntu4.5_powerpc.udeb\r\n Size/MD5: 19688 46e7d230089fca60def742fc263e07d2\r\n http://ports.ubuntu.com/pool/main/f/fuse/fuse-utils_2.7.4-1.1ubuntu4.5_powerpc.deb\r\n Size/MD5: 23508 9b1a83f1ea9b2439fe2b42a42286bbc0\r\n http://ports.ubuntu.com/pool/main/f/fuse/libfuse-dev_2.7.4-1.1ubuntu4.5_powerpc.deb\r\n Size/MD5: 168430 93251e8435140e4cc60124263331f2cd\r\n http://ports.ubuntu.com/pool/main/f/fuse/libfuse2-udeb_2.7.4-1.1ubuntu4.5_powerpc.udeb\r\n Size/MD5: 55560 4111ec7eafcef0d0e4206467f4a01f4f\r\n http://ports.ubuntu.com/pool/main/f/fuse/libfuse2_2.7.4-1.1ubuntu4.5_powerpc.deb\r\n Size/MD5: 133426 2b542932f7272f0b0ec87e7efe2787af\r\n\r\n sparc architecture (Sun SPARC/UltraSPARC):\r\n\r\n http://ports.ubuntu.com/pool/main/f/fuse/fuse-utils-udeb_2.7.4-1.1ubuntu4.5_sparc.udeb\r\n Size/MD5: 18446 2dc6bd2ae1b79d175f91f6f203ea3809\r\n http://ports.ubuntu.com/pool/main/f/fuse/fuse-utils_2.7.4-1.1ubuntu4.5_sparc.deb\r\n Size/MD5: 22164 d29683424f78bf73afc93a7874454895\r\n http://ports.ubuntu.com/pool/main/f/fuse/libfuse-dev_2.7.4-1.1ubuntu4.5_sparc.deb\r\n Size/MD5: 159006 46c14ac3cbe6db63a82260daf85bb256\r\n http://ports.ubuntu.com/pool/main/f/fuse/libfuse2-udeb_2.7.4-1.1ubuntu4.5_sparc.udeb\r\n Size/MD5: 46960 5e077953c5a3a34f5d6a59a370c701f0\r\n http://ports.ubuntu.com/pool/main/f/fuse/libfuse2_2.7.4-1.1ubuntu4.5_sparc.deb\r\n Size/MD5: 124478 7fffa6dc43a95d297e11f2cd9b535ad0\r\n\r\nUpdated packages for Ubuntu 10.04 LTS:\r\n\r\n Source archives:\r\n\r\n http://security.ubuntu.com/ubuntu/pool/main/f/fuse/fuse_2.8.1-1.1ubuntu3.1.diff.gz\r\n Size/MD5: 27383 0d3a2d5c7858db66234aec282f7176d0\r\n http://security.ubuntu.com/ubuntu/pool/main/f/fuse/fuse_2.8.1-1.1ubuntu3.1.dsc\r\n Size/MD5: 1996 011e99d872ef8aa01bfd5aa53e2f348c\r\n http://security.ubuntu.com/ubuntu/pool/main/f/fuse/fuse_2.8.1.orig.tar.gz\r\n Size/MD5: 492871 0e3505ce90155983f1bc995eb2cf6fa7\r\n\r\n amd64 architecture (Athlon64, Opteron, EM64T Xeon):\r\n\r\n http://security.ubuntu.com/ubuntu/pool/main/f/fuse/fuse-utils-udeb_2.8.1-1.1ubuntu3.1_amd64.udeb\r\n Size/MD5: 20388 382799e8cee24000ad7799c8ebd7db33\r\n http://security.ubuntu.com/ubuntu/pool/main/f/fuse/fuse-utils_2.8.1-1.1ubuntu3.1_amd64.deb\r\n Size/MD5: 24208 283f2ac7b381e11c9af5a871e96570df\r\n http://security.ubuntu.com/ubuntu/pool/main/f/fuse/libfuse-dev_2.8.1-1.1ubuntu3.1_amd64.deb\r\n Size/MD5: 192686 a96dcf967a1427caa6776d6d71ec9457\r\n http://security.ubuntu.com/ubuntu/pool/main/f/fuse/libfuse2-udeb_2.8.1-1.1ubuntu3.1_amd64.udeb\r\n Size/MD5: 66248 14b6c7c4b8130e9e2601e78744157c43\r\n http://security.ubuntu.com/ubuntu/pool/main/f/fuse/libfuse2_2.8.1-1.1ubuntu3.1_amd64.deb\r\n Size/MD5: 146990 9b8145bc15f9a86ef616e62b13831d5e\r\n\r\n i386 architecture (x86 compatible Intel/AMD):\r\n\r\n http://security.ubuntu.com/ubuntu/pool/main/f/fuse/fuse-utils-udeb_2.8.1-1.1ubuntu3.1_i386.udeb\r\n Size/MD5: 18158 1de7e203625f93e85c1cc11e04ecd41b\r\n http://security.ubuntu.com/ubuntu/pool/main/f/fuse/fuse-utils_2.8.1-1.1ubuntu3.1_i386.deb\r\n Size/MD5: 21954 d49864b9a93cdd555c69a2cbe8fb837d\r\n http://security.ubuntu.com/ubuntu/pool/main/f/fuse/libfuse-dev_2.8.1-1.1ubuntu3.1_i386.deb\r\n Size/MD5: 182370 665f2fcdde89328392b2ae5db1b2630e\r\n http://security.ubuntu.com/ubuntu/pool/main/f/fuse/libfuse2-udeb_2.8.1-1.1ubuntu3.1_i386.udeb\r\n Size/MD5: 60032 fa2077e242ba8a21ef6bbfd26e2a486c\r\n http://security.ubuntu.com/ubuntu/pool/main/f/fuse/libfuse2_2.8.1-1.1ubuntu3.1_i386.deb\r\n Size/MD5: 140994 65bb5ee219c2d0b9db9e4db5bb7f11f4\r\n\r\n armel architecture (ARM Architecture):\r\n\r\n http://ports.ubuntu.com/pool/main/f/fuse/fuse-utils-udeb_2.8.1-1.1ubuntu3.1_armel.udeb\r\n Size/MD5: 18064 a1d99925bbcfaca8cac5ed4dfd8b9df6\r\n http://ports.ubuntu.com/pool/main/f/fuse/fuse-utils_2.8.1-1.1ubuntu3.1_armel.deb\r\n Size/MD5: 21850 894db98deaeb66721d7ba06825dddbba\r\n http://ports.ubuntu.com/pool/main/f/fuse/libfuse-dev_2.8.1-1.1ubuntu3.1_armel.deb\r\n Size/MD5: 178222 0e3d1eb2665f6ac44df9e3ac8182e43e\r\n http://ports.ubuntu.com/pool/main/f/fuse/libfuse2-udeb_2.8.1-1.1ubuntu3.1_armel.udeb\r\n Size/MD5: 53700 fd8861443866d5f659a4331103f1eca3\r\n http://ports.ubuntu.com/pool/main/f/fuse/libfuse2_2.8.1-1.1ubuntu3.1_armel.deb\r\n Size/MD5: 134716 c0d08481ba72a1c6926a07e29d7aee13\r\n\r\n powerpc architecture (Apple Macintosh G3/G4/G5):\r\n\r\n http://ports.ubuntu.com/pool/main/f/fuse/fuse-utils-udeb_2.8.1-1.1ubuntu3.1_powerpc.udeb\r\n Size/MD5: 20040 516a6c3b11352da22fcc22319ad56a25\r\n http://ports.ubuntu.com/pool/main/f/fuse/fuse-utils_2.8.1-1.1ubuntu3.1_powerpc.deb\r\n Size/MD5: 23876 f2a924de9119c57f7e4bf34426865e80\r\n http://ports.ubuntu.com/pool/main/f/fuse/libfuse-dev_2.8.1-1.1ubuntu3.1_powerpc.deb\r\n Size/MD5: 191136 830083f9468bb6bb2290f93f16f00b83\r\n http://ports.ubuntu.com/pool/main/f/fuse/libfuse2-udeb_2.8.1-1.1ubuntu3.1_powerpc.udeb\r\n Size/MD5: 63854 467234c09768893281e7bdc794658bc2\r\n http://ports.ubuntu.com/pool/main/f/fuse/libfuse2_2.8.1-1.1ubuntu3.1_powerpc.deb\r\n Size/MD5: 144984 2e594032c64eafde2ff366ffb777013b\r\n\r\n sparc architecture (Sun SPARC/UltraSPARC):\r\n\r\n http://ports.ubuntu.com/pool/main/f/fuse/fuse-utils-udeb_2.8.1-1.1ubuntu3.1_sparc.udeb\r\n Size/MD5: 18964 26de22a9b8918a00968be8c31a7ea265\r\n http://ports.ubuntu.com/pool/main/f/fuse/fuse-utils_2.8.1-1.1ubuntu3.1_sparc.deb\r\n Size/MD5: 22718 c1a1f5fe860a45f31b349a1b228bfb8b\r\n http://ports.ubuntu.com/pool/main/f/fuse/libfuse-dev_2.8.1-1.1ubuntu3.1_sparc.deb\r\n Size/MD5: 182658 accb56fdc8fef4bac382ce589ce3eec4\r\n http://ports.ubuntu.com/pool/main/f/fuse/libfuse2-udeb_2.8.1-1.1ubuntu3.1_sparc.udeb\r\n Size/MD5: 55890 b79b05de370ac42e9560c7e06a268f87\r\n http://ports.ubuntu.com/pool/main/f/fuse/libfuse2_2.8.1-1.1ubuntu3.1_sparc.deb\r\n Size/MD5: 136778 bb557348464c308559bd9815d6d996bb\r\n\r\nUpdated packages for Ubuntu 10.10:\r\n\r\n Source archives:\r\n\r\n http://security.ubuntu.com/ubuntu/pool/main/f/fuse/fuse_2.8.4-1ubuntu1.3.diff.gz\r\n Size/MD5: 26643 f5c240a86786c2b93a8cab4ee7893c15\r\n http://security.ubuntu.com/ubuntu/pool/main/f/fuse/fuse_2.8.4-1ubuntu1.3.dsc\r\n Size/MD5: 1988 a1cb4ea59c6a578179d7037ecd268907\r\n http://security.ubuntu.com/ubuntu/pool/main/f/fuse/fuse_2.8.4.orig.tar.gz\r\n Size/MD5: 500345 a26ec54e410bb826a387947b10c0fd2c\r\n\r\n amd64 architecture (Athlon64, Opteron, EM64T Xeon):\r\n\r\n http://security.ubuntu.com/ubuntu/pool/main/f/fuse/fuse-utils-udeb_2.8.4-1ubuntu1.3_amd64.udeb\r\n Size/MD5: 20260 6f37a491480378014e428ecdbeb08e52\r\n http://security.ubuntu.com/ubuntu/pool/main/f/fuse/fuse-utils_2.8.4-1ubuntu1.3_amd64.deb\r\n Size/MD5: 24040 f51d84256660cbd36fd8612d501ce932\r\n http://security.ubuntu.com/ubuntu/pool/main/f/fuse/libfuse-dev_2.8.4-1ubuntu1.3_amd64.deb\r\n Size/MD5: 195002 59e25dc6c142c9ce725923dca0fe573c\r\n http://security.ubuntu.com/ubuntu/pool/main/f/fuse/libfuse2-udeb_2.8.4-1ubuntu1.3_amd64.udeb\r\n Size/MD5: 65334 569c694837796e75c0d82c0a53563373\r\n http://security.ubuntu.com/ubuntu/pool/main/f/fuse/libfuse2_2.8.4-1ubuntu1.3_amd64.deb\r\n Size/MD5: 146910 0d0410a4f0b65d399944d94f90fdc3df\r\n\r\n i386 architecture (x86 compatible Intel/AMD):\r\n\r\n http://security.ubuntu.com/ubuntu/pool/main/f/fuse/fuse-utils-udeb_2.8.4-1ubuntu1.3_i386.udeb\r\n Size/MD5: 17862 535c4fb2759f51247ce8ba630aafa452\r\n http://security.ubuntu.com/ubuntu/pool/main/f/fuse/fuse-utils_2.8.4-1ubuntu1.3_i386.deb\r\n Size/MD5: 21610 b3cefaccfbf168ffffbff75901f6ec60\r\n http://security.ubuntu.com/ubuntu/pool/main/f/fuse/libfuse-dev_2.8.4-1ubuntu1.3_i386.deb\r\n Size/MD5: 182926 7fb995c285713dfa630c8ac4a81310c5\r\n http://security.ubuntu.com/ubuntu/pool/main/f/fuse/libfuse2-udeb_2.8.4-1ubuntu1.3_i386.udeb\r\n Size/MD5: 59080 7119f7a2f332dfe89630d2a7fc050864\r\n http://security.ubuntu.com/ubuntu/pool/main/f/fuse/libfuse2_2.8.4-1ubuntu1.3_i386.deb\r\n Size/MD5: 140702 897651de0e309043a0dfc58a418dfceb\r\n\r\n armel architecture (ARM Architecture):\r\n\r\n http://ports.ubuntu.com/pool/main/f/fuse/fuse-utils-udeb_2.8.4-1ubuntu1.3_armel.udeb\r\n Size/MD5: 18186 02b92694474f68190f901da23141a8f5\r\n http://ports.ubuntu.com/pool/main/f/fuse/fuse-utils_2.8.4-1ubuntu1.3_armel.deb\r\n Size/MD5: 21908 4ec38f3805f701a10165858e9047335f\r\n http://ports.ubuntu.com/pool/main/f/fuse/libfuse-dev_2.8.4-1ubuntu1.3_armel.deb\r\n Size/MD5: 183870 026b0b3565944da79c418d9b1ef1fd51\r\n http://ports.ubuntu.com/pool/main/f/fuse/libfuse2-udeb_2.8.4-1ubuntu1.3_armel.udeb\r\n Size/MD5: 54132 271dec8cced892d81eea719f7cda195e\r\n http://ports.ubuntu.com/pool/main/f/fuse/libfuse2_2.8.4-1ubuntu1.3_armel.deb\r\n Size/MD5: 135802 938589f225f01fea39196503dcc001d0\r\n\r\n powerpc architecture (Apple Macintosh G3/G4/G5):\r\n\r\n http://ports.ubuntu.com/pool/main/f/fuse/fuse-utils-udeb_2.8.4-1ubuntu1.3_powerpc.udeb\r\n Size/MD5: 19764 c0409b7f7a5544e95005ea64c2cbb80c\r\n http://ports.ubuntu.com/pool/main/f/fuse/fuse-utils_2.8.4-1ubuntu1.3_powerpc.deb\r\n Size/MD5: 23550 28ad2a280f9138ab89332aae09466e08\r\n http://ports.ubuntu.com/pool/main/f/fuse/libfuse-dev_2.8.4-1ubuntu1.3_powerpc.deb\r\n Size/MD5: 191850 96b56ce1c29ff4dc3c208c6b9c932c2d\r\n http://ports.ubuntu.com/pool/main/f/fuse/libfuse2-udeb_2.8.4-1ubuntu1.3_powerpc.udeb\r\n Size/MD5: 62958 a42f1e6f53fd70e934ea9e30b8a3fd71\r\n http://ports.ubuntu.com/pool/main/f/fuse/libfuse2_2.8.4-1ubuntu1.3_powerpc.deb\r\n Size/MD5: 144758 823dec3eeab525bdf9d33cd32efdadb4\r\n\r\n\r\n", "edition": 1, "cvss3": {}, "published": "2011-03-01T00:00:00", "title": "[USN-1077-1] FUSE vulnerabilities", "type": "securityvulns", "bulletinFamily": "software", "cvss2": {"severity": "LOW", "exploitabilityScore": 3.4, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "NONE", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 3.3, "vectorString": "AV:L/AC:M/Au:N/C:N/I:P/A:P", "version": "2.0", "accessVector": "LOCAL", "authentication": "NONE"}, "impactScore": 4.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2011-0542", "CVE-2011-0543", "CVE-2009-3297", "CVE-2011-0541"], "modified": "2011-03-01T00:00:00", "id": "SECURITYVULNS:DOC:25822", "href": "https://vulners.com/securityvulns/SECURITYVULNS:DOC:25822", "cvss": {"score": 3.3, "vector": "AV:LOCAL/AC:MEDIUM/Au:NONE/C:NONE/I:PARTIAL/A:PARTIAL/"}}], "ubuntu": [{"lastseen": "2023-01-26T13:39:28", "description": "## Releases\n\n * Ubuntu 10.10 \n * Ubuntu 10.04 \n * Ubuntu 9.10 \n * Ubuntu 8.04 \n\n## Packages\n\n * fuse \\- \n\nIt was discovered that FUSE would incorrectly follow symlinks when checking \nmountpoints under certain conditions. A local attacker, with access to use \nFUSE, could unmount arbitrary locations, leading to a denial of service.\n", "cvss3": {}, "published": "2011-02-28T00:00:00", "type": "ubuntu", "title": "FUSE vulnerabilities", "bulletinFamily": "unix", "cvss2": {"severity": "LOW", "exploitabilityScore": 3.4, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "NONE", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 3.3, "vectorString": "AV:L/AC:M/Au:N/C:N/I:P/A:P", "version": "2.0", "accessVector": "LOCAL", "authentication": "NONE"}, "impactScore": 4.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2011-0541", "CVE-2011-0542", "CVE-2011-0543"], "modified": "2011-02-28T00:00:00", "id": "USN-1077-1", "href": "https://ubuntu.com/security/notices/USN-1077-1", "cvss": {"score": 3.3, "vector": "AV:L/AC:M/Au:N/C:N/I:P/A:P"}}], "openvas": [{"lastseen": "2019-05-29T18:39:36", "description": "Ubuntu Update for Linux kernel vulnerabilities USN-1077-1", "cvss3": {}, "published": "2011-03-07T00:00:00", "type": "openvas", "title": "Ubuntu Update for fuse vulnerabilities USN-1077-1", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2011-0542", "CVE-2011-0543", "CVE-2009-3297", "CVE-2011-0541"], "modified": "2019-03-13T00:00:00", "id": "OPENVAS:1361412562310840606", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310840606", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: gb_ubuntu_USN_1077_1.nasl 14132 2019-03-13 09:25:59Z cfischer $\n#\n# Ubuntu Update for fuse vulnerabilities USN-1077-1\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2011 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_xref(name:\"URL\", value:\"http://www.ubuntu.com/usn/usn-1077-1/\");\n script_oid(\"1.3.6.1.4.1.25623.1.0.840606\");\n script_version(\"$Revision: 14132 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2019-03-13 10:25:59 +0100 (Wed, 13 Mar 2019) $\");\n script_tag(name:\"creation_date\", value:\"2011-03-07 06:45:55 +0100 (Mon, 07 Mar 2011)\");\n script_tag(name:\"cvss_base\", value:\"3.3\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:L/AC:M/Au:N/C:N/I:P/A:P\");\n script_xref(name:\"USN\", value:\"1077-1\");\n script_cve_id(\"CVE-2009-3297\", \"CVE-2011-0541\", \"CVE-2011-0542\", \"CVE-2011-0543\");\n script_name(\"Ubuntu Update for fuse vulnerabilities USN-1077-1\");\n\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2011 Greenbone Networks GmbH\");\n script_family(\"Ubuntu Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/ubuntu_linux\", \"ssh/login/packages\", re:\"ssh/login/release=UBUNTU(9\\.10|10\\.10|10\\.04 LTS|8\\.04 LTS)\");\n script_tag(name:\"summary\", value:\"Ubuntu Update for Linux kernel vulnerabilities USN-1077-1\");\n script_tag(name:\"affected\", value:\"fuse vulnerabilities on Ubuntu 8.04 LTS,\n Ubuntu 9.10,\n Ubuntu 10.04 LTS,\n Ubuntu 10.10\");\n script_tag(name:\"solution\", value:\"Please Install the Updated Packages.\");\n script_tag(name:\"insight\", value:\"It was discovered that FUSE would incorrectly follow symlinks when checking\n mountpoints under certain conditions. A local attacker, with access to use\n FUSE, could unmount arbitrary locations, leading to a denial of service.\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-deb.inc\");\n\nrelease = dpkg_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\n\nif(release == \"UBUNTU9.10\")\n{\n\n if ((res = isdpkgvuln(pkg:\"fuse-utils\", ver:\"2.7.4-1.1ubuntu4.5\", rls:\"UBUNTU9.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"libfuse-dev\", ver:\"2.7.4-1.1ubuntu4.5\", rls:\"UBUNTU9.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"libfuse2\", ver:\"2.7.4-1.1ubuntu4.5\", rls:\"UBUNTU9.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"fuse-utils-udeb\", ver:\"2.7.4-1.1ubuntu4.5\", rls:\"UBUNTU9.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"libfuse2-udeb\", ver:\"2.7.4-1.1ubuntu4.5\", rls:\"UBUNTU9.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n\n\nif(release == \"UBUNTU10.10\")\n{\n\n if ((res = isdpkgvuln(pkg:\"fuse-utils\", ver:\"2.8.4-1ubuntu1.3\", rls:\"UBUNTU10.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"libfuse-dev\", ver:\"2.8.4-1ubuntu1.3\", rls:\"UBUNTU10.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"libfuse2\", ver:\"2.8.4-1ubuntu1.3\", rls:\"UBUNTU10.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"fuse-utils-udeb\", ver:\"2.8.4-1ubuntu1.3\", rls:\"UBUNTU10.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"libfuse2-udeb\", ver:\"2.8.4-1ubuntu1.3\", rls:\"UBUNTU10.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n\n\nif(release == \"UBUNTU10.04 LTS\")\n{\n\n if ((res = isdpkgvuln(pkg:\"fuse-utils\", ver:\"2.8.1-1.1ubuntu3.1\", rls:\"UBUNTU10.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"libfuse-dev\", ver:\"2.8.1-1.1ubuntu3.1\", rls:\"UBUNTU10.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"libfuse2\", ver:\"2.8.1-1.1ubuntu3.1\", rls:\"UBUNTU10.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"fuse-utils-udeb\", ver:\"2.8.1-1.1ubuntu3.1\", rls:\"UBUNTU10.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"libfuse2-udeb\", ver:\"2.8.1-1.1ubuntu3.1\", rls:\"UBUNTU10.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n\n\nif(release == \"UBUNTU8.04 LTS\")\n{\n\n if ((res = isdpkgvuln(pkg:\"fuse-utils\", ver:\"2.7.2-1ubuntu2.3\", rls:\"UBUNTU8.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"libfuse-dev\", ver:\"2.7.2-1ubuntu2.3\", rls:\"UBUNTU8.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"libfuse2\", ver:\"2.7.2-1ubuntu2.3\", rls:\"UBUNTU8.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"fuse-source\", ver:\"2.7.2-1ubuntu2.3\", rls:\"UBUNTU8.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"fuse-utils-udeb\", ver:\"2.7.2-1ubuntu2.3\", rls:\"UBUNTU8.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"libfuse2-udeb\", ver:\"2.7.2-1ubuntu2.3\", rls:\"UBUNTU8.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n", "cvss": {"score": 3.3, "vector": "AV:L/AC:M/Au:N/C:N/I:P/A:P"}}, {"lastseen": "2017-12-04T11:27:37", "description": "Ubuntu Update for Linux kernel vulnerabilities USN-1077-1", "cvss3": {}, "published": "2011-03-07T00:00:00", "type": "openvas", "title": "Ubuntu Update for fuse vulnerabilities USN-1077-1", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2011-0542", "CVE-2011-0543", "CVE-2009-3297", "CVE-2011-0541"], "modified": "2017-12-01T00:00:00", "id": "OPENVAS:840606", "href": "http://plugins.openvas.org/nasl.php?oid=840606", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: gb_ubuntu_USN_1077_1.nasl 7964 2017-12-01 07:32:11Z santu $\n#\n# Ubuntu Update for fuse vulnerabilities USN-1077-1\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2011 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"It was discovered that FUSE would incorrectly follow symlinks when checking\n mountpoints under certain conditions. A local attacker, with access to use\n FUSE, could unmount arbitrary locations, leading to a denial of service.\";\n\ntag_summary = \"Ubuntu Update for Linux kernel vulnerabilities USN-1077-1\";\ntag_affected = \"fuse vulnerabilities on Ubuntu 8.04 LTS ,\n Ubuntu 9.10 ,\n Ubuntu 10.04 LTS ,\n Ubuntu 10.10\";\ntag_solution = \"Please Install the Updated Packages.\";\n\n\nif(description)\n{\n script_xref(name: \"URL\" , value: \"http://www.ubuntu.com/usn/usn-1077-1/\");\n script_id(840606);\n script_version(\"$Revision: 7964 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-12-01 08:32:11 +0100 (Fri, 01 Dec 2017) $\");\n script_tag(name:\"creation_date\", value:\"2011-03-07 06:45:55 +0100 (Mon, 07 Mar 2011)\");\n script_tag(name:\"cvss_base\", value:\"3.3\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:L/AC:M/Au:N/C:N/I:P/A:P\");\n script_xref(name: \"USN\", value: \"1077-1\");\n script_cve_id(\"CVE-2009-3297\", \"CVE-2011-0541\", \"CVE-2011-0542\", \"CVE-2011-0543\");\n script_name(\"Ubuntu Update for fuse vulnerabilities USN-1077-1\");\n\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2011 Greenbone Networks GmbH\");\n script_family(\"Ubuntu Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/ubuntu_linux\", \"ssh/login/packages\");\n script_tag(name : \"summary\" , value : tag_summary);\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n\ninclude(\"pkg-lib-deb.inc\");\n\nrelease = get_kb_item(\"ssh/login/release\");\n\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"UBUNTU9.10\")\n{\n\n if ((res = isdpkgvuln(pkg:\"fuse-utils\", ver:\"2.7.4-1.1ubuntu4.5\", rls:\"UBUNTU9.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"libfuse-dev\", ver:\"2.7.4-1.1ubuntu4.5\", rls:\"UBUNTU9.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"libfuse2\", ver:\"2.7.4-1.1ubuntu4.5\", rls:\"UBUNTU9.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"fuse-utils-udeb\", ver:\"2.7.4-1.1ubuntu4.5\", rls:\"UBUNTU9.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"libfuse2-udeb\", ver:\"2.7.4-1.1ubuntu4.5\", rls:\"UBUNTU9.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n\n\nif(release == \"UBUNTU10.10\")\n{\n\n if ((res = isdpkgvuln(pkg:\"fuse-utils\", ver:\"2.8.4-1ubuntu1.3\", rls:\"UBUNTU10.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"libfuse-dev\", ver:\"2.8.4-1ubuntu1.3\", rls:\"UBUNTU10.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"libfuse2\", ver:\"2.8.4-1ubuntu1.3\", rls:\"UBUNTU10.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"fuse-utils-udeb\", ver:\"2.8.4-1ubuntu1.3\", rls:\"UBUNTU10.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"libfuse2-udeb\", ver:\"2.8.4-1ubuntu1.3\", rls:\"UBUNTU10.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n\n\nif(release == \"UBUNTU10.04 LTS\")\n{\n\n if ((res = isdpkgvuln(pkg:\"fuse-utils\", ver:\"2.8.1-1.1ubuntu3.1\", rls:\"UBUNTU10.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"libfuse-dev\", ver:\"2.8.1-1.1ubuntu3.1\", rls:\"UBUNTU10.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"libfuse2\", ver:\"2.8.1-1.1ubuntu3.1\", rls:\"UBUNTU10.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"fuse-utils-udeb\", ver:\"2.8.1-1.1ubuntu3.1\", rls:\"UBUNTU10.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"libfuse2-udeb\", ver:\"2.8.1-1.1ubuntu3.1\", rls:\"UBUNTU10.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n\n\nif(release == \"UBUNTU8.04 LTS\")\n{\n\n if ((res = isdpkgvuln(pkg:\"fuse-utils\", ver:\"2.7.2-1ubuntu2.3\", rls:\"UBUNTU8.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"libfuse-dev\", ver:\"2.7.2-1ubuntu2.3\", rls:\"UBUNTU8.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"libfuse2\", ver:\"2.7.2-1ubuntu2.3\", rls:\"UBUNTU8.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"fuse-source\", ver:\"2.7.2-1ubuntu2.3\", rls:\"UBUNTU8.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"fuse-utils-udeb\", ver:\"2.7.2-1ubuntu2.3\", rls:\"UBUNTU8.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"libfuse2-udeb\", ver:\"2.7.2-1ubuntu2.3\", rls:\"UBUNTU8.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n", "cvss": {"score": 3.3, "vector": "AV:LOCAL/AC:MEDIUM/Au:NONE/C:NONE/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2018-01-11T11:08:00", "description": "Check for the Version of fuse", "cvss3": {}, "published": "2012-06-06T00:00:00", "type": "openvas", "title": "RedHat Update for fuse RHSA-2011:1083-01", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2011-0542", "CVE-2010-3879", "CVE-2011-0543", "CVE-2011-0541"], "modified": "2018-01-10T00:00:00", "id": "OPENVAS:870720", "href": "http://plugins.openvas.org/nasl.php?oid=870720", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# RedHat Update for fuse RHSA-2011:1083-01\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2012 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"FUSE (Filesystem in Userspace) can implement a fully functional file system\n in a user-space program. These packages provide the mount utility,\n fusermount, the tool used to mount FUSE file systems.\n\n Multiple flaws were found in the way fusermount handled the mounting and\n unmounting of directories when symbolic links were present. A local user in\n the fuse group could use these flaws to unmount file systems, which they\n would otherwise not be able to unmount and that were not mounted using\n FUSE, via a symbolic link attack. (CVE-2010-3879, CVE-2011-0541,\n CVE-2011-0542, CVE-2011-0543)\n\n Note: The util-linux-ng RHBA-2011:0699 update must also be installed to\n fully correct the above flaws.\n\n All users should upgrade to these updated packages, which contain\n backported patches to correct these issues.\";\n\ntag_affected = \"fuse on Red Hat Enterprise Linux Desktop (v. 6),\n Red Hat Enterprise Linux Server (v. 6),\n Red Hat Enterprise Linux Workstation (v. 6)\";\ntag_solution = \"Please Install the Updated Packages.\";\n\n\n\nif(description)\n{\n script_xref(name : \"URL\" , value : \"https://www.redhat.com/archives/rhsa-announce/2011-July/msg00018.html\");\n script_id(870720);\n script_version(\"$Revision: 8352 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-01-10 08:01:57 +0100 (Wed, 10 Jan 2018) $\");\n script_tag(name:\"creation_date\", value:\"2012-06-06 10:53:18 +0530 (Wed, 06 Jun 2012)\");\n script_cve_id(\"CVE-2010-3879\", \"CVE-2011-0541\", \"CVE-2011-0542\", \"CVE-2011-0543\");\n script_tag(name:\"cvss_base\", value:\"5.8\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:N/I:P/A:P\");\n script_xref(name: \"RHSA\", value: \"2011:1083-01\");\n script_name(\"RedHat Update for fuse RHSA-2011:1083-01\");\n\n script_tag(name: \"summary\" , value: \"Check for the Version of fuse\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2012 Greenbone Networks GmbH\");\n script_family(\"Red Hat Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/rhel\", \"ssh/login/rpms\");\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = get_kb_item(\"ssh/login/release\");\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"RHENT_6\")\n{\n\n if ((res = isrpmvuln(pkg:\"fuse\", rpm:\"fuse~2.8.3~3.el6_1\", rls:\"RHENT_6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"fuse-debuginfo\", rpm:\"fuse-debuginfo~2.8.3~3.el6_1\", rls:\"RHENT_6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"fuse-devel\", rpm:\"fuse-devel~2.8.3~3.el6_1\", rls:\"RHENT_6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"fuse-libs\", rpm:\"fuse-libs~2.8.3~3.el6_1\", rls:\"RHENT_6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n", "cvss": {"score": 5.8, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:NONE/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2019-05-29T18:36:41", "description": "Oracle Linux Local Security Checks ELSA-2011-1083", "cvss3": {}, "published": "2015-10-06T00:00:00", "type": "openvas", "title": "Oracle Linux Local Check: ELSA-2011-1083", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2011-0542", "CVE-2010-3879", "CVE-2011-0543", "CVE-2011-0541"], "modified": "2018-09-28T00:00:00", "id": "OPENVAS:1361412562310122129", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310122129", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: ELSA-2011-1083.nasl 11688 2018-09-28 13:36:28Z cfischer $\n#\n# Oracle Linux Local Check\n#\n# Authors:\n# Eero Volotinen <eero.volotinen@solinor.com>\n#\n# Copyright:\n# Copyright (c) 2015 Eero Volotinen, http://solinor.com\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.122129\");\n script_version(\"$Revision: 11688 $\");\n script_tag(name:\"creation_date\", value:\"2015-10-06 14:13:32 +0300 (Tue, 06 Oct 2015)\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-09-28 15:36:28 +0200 (Fri, 28 Sep 2018) $\");\n script_name(\"Oracle Linux Local Check: ELSA-2011-1083\");\n script_tag(name:\"insight\", value:\"ELSA-2011-1083 - fuse security update. Please see the references for more insight.\");\n script_tag(name:\"solution\", value:\"Update the affected packages to the latest available version.\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_tag(name:\"summary\", value:\"Oracle Linux Local Security Checks ELSA-2011-1083\");\n script_xref(name:\"URL\", value:\"http://linux.oracle.com/errata/ELSA-2011-1083.html\");\n script_cve_id(\"CVE-2010-3879\", \"CVE-2011-0541\", \"CVE-2011-0542\", \"CVE-2011-0543\");\n script_tag(name:\"cvss_base\", value:\"5.8\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:N/I:P/A:P\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/oracle_linux\", \"ssh/login/release\", re:\"ssh/login/release=OracleLinux6\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Eero Volotinen\");\n script_family(\"Oracle Linux Local Security Checks\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release) exit(0);\n\nres = \"\";\n\nif(release == \"OracleLinux6\")\n{\n if ((res = isrpmvuln(pkg:\"fuse\", rpm:\"fuse~2.8.3~3.el6_1\", rls:\"OracleLinux6\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n if ((res = isrpmvuln(pkg:\"fuse-devel\", rpm:\"fuse-devel~2.8.3~3.el6_1\", rls:\"OracleLinux6\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n if ((res = isrpmvuln(pkg:\"fuse-libs\", rpm:\"fuse-libs~2.8.3~3.el6_1\", rls:\"OracleLinux6\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n\n}\nif (__pkg_match) exit(99);\n exit(0);\n\n", "cvss": {"score": 5.8, "vector": "AV:N/AC:M/Au:N/C:N/I:P/A:P"}}, {"lastseen": "2019-05-29T18:38:34", "description": "The remote host is missing an update for the ", "cvss3": {}, "published": "2012-06-06T00:00:00", "type": "openvas", "title": "RedHat Update for fuse RHSA-2011:1083-01", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2011-0542", "CVE-2010-3879", "CVE-2011-0543", "CVE-2011-0541"], "modified": "2018-11-23T00:00:00", "id": "OPENVAS:1361412562310870720", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310870720", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# RedHat Update for fuse RHSA-2011:1083-01\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2012 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_xref(name:\"URL\", value:\"https://www.redhat.com/archives/rhsa-announce/2011-July/msg00018.html\");\n script_oid(\"1.3.6.1.4.1.25623.1.0.870720\");\n script_version(\"$Revision: 12497 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-11-23 09:28:21 +0100 (Fri, 23 Nov 2018) $\");\n script_tag(name:\"creation_date\", value:\"2012-06-06 10:53:18 +0530 (Wed, 06 Jun 2012)\");\n script_cve_id(\"CVE-2010-3879\", \"CVE-2011-0541\", \"CVE-2011-0542\", \"CVE-2011-0543\");\n script_tag(name:\"cvss_base\", value:\"5.8\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:N/I:P/A:P\");\n script_xref(name:\"RHSA\", value:\"2011:1083-01\");\n script_name(\"RedHat Update for fuse RHSA-2011:1083-01\");\n\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'fuse'\n package(s) announced via the referenced advisory.\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2012 Greenbone Networks GmbH\");\n script_family(\"Red Hat Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/rhel\", \"ssh/login/rpms\", re:\"ssh/login/release=RHENT_6\");\n script_tag(name:\"affected\", value:\"fuse on Red Hat Enterprise Linux Desktop (v. 6),\n Red Hat Enterprise Linux Server (v. 6),\n Red Hat Enterprise Linux Workstation (v. 6)\");\n script_tag(name:\"solution\", value:\"Please Install the Updated Packages.\");\n script_tag(name:\"insight\", value:\"FUSE (Filesystem in Userspace) can implement a fully functional file system\n in a user-space program. These packages provide the mount utility,\n fusermount, the tool used to mount FUSE file systems.\n\n Multiple flaws were found in the way fusermount handled the mounting and\n unmounting of directories when symbolic links were present. A local user in\n the fuse group could use these flaws to unmount file systems, which they\n would otherwise not be able to unmount and that were not mounted using\n FUSE, via a symbolic link attack. (CVE-2010-3879, CVE-2011-0541,\n CVE-2011-0542, CVE-2011-0543)\n\n Note: The util-linux-ng RHBA-2011:0699 update must also be installed to\n fully correct the above flaws.\n\n All users should upgrade to these updated packages, which contain\n backported patches to correct these issues.\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release) exit(0);\n\nres = \"\";\n\nif(release == \"RHENT_6\")\n{\n\n if ((res = isrpmvuln(pkg:\"fuse\", rpm:\"fuse~2.8.3~3.el6_1\", rls:\"RHENT_6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"fuse-debuginfo\", rpm:\"fuse-debuginfo~2.8.3~3.el6_1\", rls:\"RHENT_6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"fuse-devel\", rpm:\"fuse-devel~2.8.3~3.el6_1\", rls:\"RHENT_6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"fuse-libs\", rpm:\"fuse-libs~2.8.3~3.el6_1\", rls:\"RHENT_6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n", "cvss": {"score": 5.8, "vector": "AV:N/AC:M/Au:N/C:N/I:P/A:P"}}], "redhat": [{"lastseen": "2021-10-19T18:41:21", "description": "FUSE (Filesystem in Userspace) can implement a fully functional file system\nin a user-space program. These packages provide the mount utility,\nfusermount, the tool used to mount FUSE file systems.\n\nMultiple flaws were found in the way fusermount handled the mounting and\nunmounting of directories when symbolic links were present. A local user in\nthe fuse group could use these flaws to unmount file systems, which they\nwould otherwise not be able to unmount and that were not mounted using\nFUSE, via a symbolic link attack. (CVE-2010-3879, CVE-2011-0541,\nCVE-2011-0542, CVE-2011-0543)\n\nNote: The util-linux-ng RHBA-2011:0699 update must also be installed to\nfully correct the above flaws.\n\nAll users should upgrade to these updated packages, which contain\nbackported patches to correct these issues.\n", "cvss3": {}, "published": "2011-07-20T00:00:00", "type": "redhat", "title": "(RHSA-2011:1083) Moderate: fuse security update", "bulletinFamily": "unix", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "NONE", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 5.8, "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 4.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2010-3879", "CVE-2011-0541", "CVE-2011-0542", "CVE-2011-0543"], "modified": "2018-06-06T16:24:29", "id": "RHSA-2011:1083", "href": "https://access.redhat.com/errata/RHSA-2011:1083", "cvss": {"score": 5.8, "vector": "AV:N/AC:M/Au:N/C:N/I:P/A:P"}}], "oraclelinux": [{"lastseen": "2019-05-29T18:39:03", "description": "[2.8.3-3]\n- Bump the release since the bz was set to the wrong target\n[2.8.3-2]\n- Fix another umount race (bz# 673250, CVE-2010-3879) ", "cvss3": {}, "published": "2011-07-20T00:00:00", "type": "oraclelinux", "title": "fuse security update", "bulletinFamily": "unix", "cvss2": {}, "cvelist": ["CVE-2011-0542", "CVE-2010-3879", "CVE-2011-0543", "CVE-2011-0541"], "modified": "2011-07-20T00:00:00", "id": "ELSA-2011-1083", "href": "http://linux.oracle.com/errata/ELSA-2011-1083.html", "cvss": {"score": 5.8, "vector": "AV:N/AC:M/Au:N/C:N/I:P/A:P"}}]}
CVE-2011-0543
