2.1 Low
CVSS2
Attack Vector
LOCAL
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
NONE
Integrity Impact
PARTIAL
Availability Impact
NONE
AV:L/AC:L/Au:N/C:N/I:P/A:N
0.0004 Low
EPSS
Percentile
5.1%
Thomas Beige found that fusermount failed to securely handle special characters specified in mount points, which could allow a local attacker to corrupt the contents of /etc/mtab by mounting over a maliciously-named directory using fusermount. This could potentially allow the attacker to set unauthorized mount options.
This is only possible when fusermount is installed setuid root, which is the case in Mandriva Linux.
The updated packages have been patched to address these problems.
#%NASL_MIN_LEVEL 70300
#
# (C) Tenable Network Security, Inc.
#
# The descriptive text and package checks in this plugin were
# extracted from Mandrake Linux Security Advisory MDKSA-2005:216.
# The text itself is copyright (C) Mandriva S.A.
#
include('deprecated_nasl_level.inc');
include('compat.inc');
if (description)
{
script_id(20448);
script_version("1.14");
script_set_attribute(attribute:"plugin_modification_date", value:"2021/01/06");
script_cve_id("CVE-2005-3531");
script_xref(name:"MDKSA", value:"2005:216");
script_name(english:"Mandrake Linux Security Advisory : fuse (MDKSA-2005:216)");
script_summary(english:"Checks rpm output for the updated packages");
script_set_attribute(
attribute:"synopsis",
value:
"The remote Mandrake Linux host is missing one or more security
updates."
);
script_set_attribute(
attribute:"description",
value:
"Thomas Beige found that fusermount failed to securely handle special
characters specified in mount points, which could allow a local
attacker to corrupt the contents of /etc/mtab by mounting over a
maliciously-named directory using fusermount. This could potentially
allow the attacker to set unauthorized mount options.
This is only possible when fusermount is installed setuid root, which
is the case in Mandriva Linux.
The updated packages have been patched to address these problems."
);
script_set_attribute(attribute:"solution", value:"Update the affected packages.");
script_set_cvss_base_vector("CVSS2#AV:L/AC:L/Au:N/C:N/I:P/A:N");
script_set_attribute(attribute:"plugin_type", value:"local");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:dkms-fuse");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:fuse");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:lib64fuse2");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:lib64fuse2-devel");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:lib64fuse2-static-devel");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:libfuse2");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:libfuse2-devel");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:libfuse2-static-devel");
script_set_attribute(attribute:"cpe", value:"cpe:/o:mandriva:linux:2006");
script_set_attribute(attribute:"patch_publication_date", value:"2005/11/24");
script_set_attribute(attribute:"plugin_publication_date", value:"2006/01/15");
script_end_attributes();
script_category(ACT_GATHER_INFO);
script_copyright(english:"This script is Copyright (C) 2006-2021 Tenable Network Security, Inc.");
script_family(english:"Mandriva Local Security Checks");
script_dependencies("ssh_get_info.nasl");
script_require_keys("Host/local_checks_enabled", "Host/cpu", "Host/Mandrake/release", "Host/Mandrake/rpm-list");
exit(0);
}
include("audit.inc");
include("global_settings.inc");
include("rpm.inc");
if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
if (!get_kb_item("Host/Mandrake/release")) audit(AUDIT_OS_NOT, "Mandriva / Mandake Linux");
if (!get_kb_item("Host/Mandrake/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);
cpu = get_kb_item("Host/cpu");
if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
if (cpu !~ "^(amd64|i[3-6]86|x86_64)$") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "Mandriva / Mandrake Linux", cpu);
flag = 0;
if (rpm_check(release:"MDK2006.0", reference:"dkms-fuse-2.3.0-2.1.20060mdk", yank:"mdk")) flag++;
if (rpm_check(release:"MDK2006.0", reference:"fuse-2.3.0-2.1.20060mdk", yank:"mdk")) flag++;
if (rpm_check(release:"MDK2006.0", cpu:"x86_64", reference:"lib64fuse2-2.3.0-2.1.20060mdk", yank:"mdk")) flag++;
if (rpm_check(release:"MDK2006.0", cpu:"x86_64", reference:"lib64fuse2-devel-2.3.0-2.1.20060mdk", yank:"mdk")) flag++;
if (rpm_check(release:"MDK2006.0", cpu:"x86_64", reference:"lib64fuse2-static-devel-2.3.0-2.1.20060mdk", yank:"mdk")) flag++;
if (rpm_check(release:"MDK2006.0", cpu:"i386", reference:"libfuse2-2.3.0-2.1.20060mdk", yank:"mdk")) flag++;
if (rpm_check(release:"MDK2006.0", cpu:"i386", reference:"libfuse2-devel-2.3.0-2.1.20060mdk", yank:"mdk")) flag++;
if (rpm_check(release:"MDK2006.0", cpu:"i386", reference:"libfuse2-static-devel-2.3.0-2.1.20060mdk", yank:"mdk")) flag++;
if (flag)
{
if (report_verbosity > 0) security_note(port:0, extra:rpm_report_get());
else security_note(0);
exit(0);
}
else audit(AUDIT_HOST_NOT, "affected");
Vendor | Product | Version | CPE |
---|---|---|---|
mandriva | linux | dkms-fuse | p-cpe:/a:mandriva:linux:dkms-fuse |
mandriva | linux | fuse | p-cpe:/a:mandriva:linux:fuse |
mandriva | linux | lib64fuse2 | p-cpe:/a:mandriva:linux:lib64fuse2 |
mandriva | linux | lib64fuse2-devel | p-cpe:/a:mandriva:linux:lib64fuse2-devel |
mandriva | linux | lib64fuse2-static-devel | p-cpe:/a:mandriva:linux:lib64fuse2-static-devel |
mandriva | linux | libfuse2 | p-cpe:/a:mandriva:linux:libfuse2 |
mandriva | linux | libfuse2-devel | p-cpe:/a:mandriva:linux:libfuse2-devel |
mandriva | linux | libfuse2-static-devel | p-cpe:/a:mandriva:linux:libfuse2-static-devel |
mandriva | linux | 2006 | cpe:/o:mandriva:linux:2006 |