Lucene search
Debian Security Bug TrackerDEBIANCVE:CVE-2018-10906HistoryJul 24, 2018 - 8:29 p.m.
CVE-2018-10906
2018-07-2420:29:00
Debian Security Bug Tracker
security-tracker.debian.org
9
0.001 Low
EPSS
Percentile
48.6%
In fuse before versions 2.9.8 and 3.x before 3.2.5, fusermount is vulnerable to a restriction bypass when SELinux is active. This allows non-root users to mount a FUSE file system with the ‘allow_other’ mount option regardless of whether ‘user_allow_other’ is set in the fuse configuration. An attacker may use this flaw to mount a FUSE file system, accessible by other users, and trick them into accessing files on that file system, possibly causing Denial of Service or other unspecified effects.
| OS | Version | Architecture | Package | Version | Filename |
|---|---|---|---|---|---|
| Debian | 12 | all | fuse | < 2.9.8-1 | fuse_2.9.8-1_all.deb |
| Debian | 11 | all | fuse | < 2.9.8-1 | fuse_2.9.8-1_all.deb |
| Debian | 10 | all | fuse | < 2.9.8-1 | fuse_2.9.8-1_all.deb |
| Debian | 999 | all | fuse | < 2.9.8-1 | fuse_2.9.8-1_all.deb |
| Debian | 13 | all | fuse | < 2.9.8-1 | fuse_2.9.8-1_all.deb |
| Debian | 12 | all | fuse3 | < 3.2.6-1 | fuse3_3.2.6-1_all.deb |
| Debian | 11 | all | fuse3 | < 3.2.6-1 | fuse3_3.2.6-1_all.deb |
| Debian | 10 | all | fuse3 | < 3.2.6-1 | fuse3_3.2.6-1_all.deb |
| Debian | 999 | all | fuse3 | < 3.2.6-1 | fuse3_3.2.6-1_all.deb |
| Debian | 13 | all | fuse3 | < 3.2.6-1 | fuse3_3.2.6-1_all.deb |
Related
ibm
ibm
Security Bulletin: A vulnerability in libfuse affects PowerKVM
2018-12-17 15:00:02
nessus
nessus
openSUSE Security Update : fuse (openSUSE-2019-823)
2019-03-27 00:00:00
Ubuntu 16.04 ESM : FUSE vulnerability (USN-5326-1)
2022-03-15 00:00:00
EulerOS 2.0 SP5 : fuse (EulerOS-SA-2019-1003)
2019-01-08 00:00:00
osv
osv
fuse - security update
2018-07-28 00:00:00
CVE-2018-10906
2018-07-24 20:29:00
fuse vulnerability
2022-03-16 22:20:55
packetstorm
packetstorm
fusermount Restriction Bypass
2018-07-30 00:00:00
prion
prion
Authentication flaw
2018-07-24 20:29:00
cvelist
cvelist
CVE-2018-10906
2018-07-24 20:00:00
openvas
openvas
Huawei EulerOS: Security Advisory for fuse (EulerOS-SA-2019-1442)
2020-01-23 00:00:00
SUSE: Security Advisory (SUSE-SU-2018:3219-1)
2021-04-19 00:00:00
Fedora Update for fuse FEDORA-2019-fd54b80806
2019-04-05 00:00:00
debian
debian
[SECURITY] [DLA 1468-1] fuse security update
2018-08-15 20:45:40
[SECURITY] [DSA 4257-1] fuse security update
2018-07-28 14:22:04
[SECURITY] [DSA 4257-1] fuse security update
2018-07-28 14:21:35
fedora
fedora
[SECURITY] Fedora 29 Update: fuse-2.9.9-1.fc29
2019-03-31 03:02:28
[SECURITY] Fedora 28 Update: fuse-2.9.9-1.fc28
2019-04-05 01:56:29
[SECURITY] Fedora 30 Update: fuse-2.9.9-1.fc30
2019-03-31 00:07:20
veracode
veracode
Access Control Bypass
2018-07-25 02:50:47
Access Control Bypass
2019-01-15 09:25:50
ubuntucve
ubuntucve
CVE-2018-10906
2018-07-24 00:00:00
alpinelinux
alpinelinux
CVE-2018-10906
2018-07-24 20:29:00
amazon
amazon
Medium: fuse
2018-12-06 20:29:00
Medium: fuse
2019-04-17 18:45:00
oraclelinux
oraclelinux
fuse security update
2020-07-27 00:00:00
suse
suse
Security update for fuse (moderate)
2018-10-23 15:27:32
Security update for fuse (moderate)
2018-10-23 15:27:56
centos
centos
fuse security update
2018-11-15 18:45:07
cbl_mariner
cbl_mariner
CVE-2018-10906 affecting package fuse 2.9.7-7
2020-09-09 06:09:15
CVE-2018-10906 affecting package fuse for versions less than 2.9.7-10
2022-04-09 06:51:53
CVE-2018-10906 affecting package fuse for versions less than 2.9.7-10
2024-03-19 17:21:46
zdt
zdt
redhatcve
redhatcve
CVE-2018-10906
2018-07-24 13:22:43
redhat
redhat
(RHSA-2018:3324) Moderate: fuse security update
2018-10-30 04:43:18
cve
cve
CVE-2018-10906
2018-07-24 20:29:00
CVE-2021-33805
2021-06-03 03:15:00
photon
photon