Lucene search
K

82 matches found

Tenable Nessus
Tenable Nessus
added 2019/04/09 12:0 a.m.16 views

EulerOS Virtualization 2.5.3 : fuse (EulerOS-SA-2019-1186)

According to the version of the fuse packages installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerability : - A vulnerability was discovered in fuse. When SELinux is active, fusermount is vulnerable to a restriction bypass. This allows non-root...

7.8CVSS6.7AI score0.01414EPSS
Exploits3References2
Tenable Nessus
Tenable Nessus
added 2019/04/01 12:0 a.m.18 views

Fedora 29 : fuse (2019-31722b8f33)

Update fuse to 2.9.9, fuse3 to 3.4.2. Also fixes CVE-2018-10906, and adds missing fusermount.1 man page. Note that Tenable Network Security has extracted the preceding description block directly from the Fedora update system website. Tenable has attempted to automatically clean and format it as...

7.8CVSS6.6AI score0.01414EPSS
Exploits3References2
BDU FSTEC
BDU FSTEC
added 2019/02/05 12:0 a.m.4 views

The vulnerability of the fusermount module in file system drivers for UNIX-like operating systems allows a attacker to cause a service failure or other unpredictable behavior.

The vulnerability of the fusermount driver for file systems in UNIX-like operating systems relates to circumventing a limitation under SELinux’s mandatory access control policy. This allows users without root privileges to mount the FUSE file system with the “allowother” mount option, regardless ...

7.8CVSS6.6AI score0.01414EPSS
Exploits3References7Affected Software3
OpenVAS
OpenVAS
added 2018/10/24 12:0 a.m.18 views

openSUSE: Security Advisory for fuse (openSUSE-SU-2018:3326-1)

The remote host is missing an update for the Copyright C 2018 Greenbone Networks GmbH Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later This program is free software; you can...

7.8CVSS8AI score0.01414EPSS
Exploits3References2
Tenable Nessus
Tenable Nessus
added 2018/10/24 12:0 a.m.114 views

openSUSE Security Update : fuse (openSUSE-2018-1225)

This update for fuse fixes the following security issue : - CVE-2018-10906: fusermount was vulnerable to a restriction bypass when SELinux is active. This allowed non-root users to mount a FUSE file system with the 'allowother' mount option regardless of whether 'userallowother' is set in the fus...

7.8CVSS6.7AI score0.01414EPSS
Exploits3References2
Hacker One
Hacker One
added 2018/10/22 9:31 p.m.39 views

Keybase: Linux privilege escalation via trusted $PATH in keybase-redirector

keybase-redirector is a setuid root binary. keybase-redirector calls the fusermount binary using a relative path and the application trusts the value of $PATH. This allows a local, unprivileged user to trick the application to executing a custom fusermount binary as root. Environment CentOS Linux...

1.5AI score
Exploits0
Exploit DB
Exploit DB
added 2018/07/30 12:0 a.m.41 views

fusermount - user_allow_other Restriction Bypass and SELinux Label Control

/ It is possible to bypass fusermount's restrictions on the use of the "allowother" mount option as follows if SELinux is active. Here's a minimal demo, tested on a Debian system with SELinux enabled in permissive mode: =============================================== uuser@debian:$ mount|grep...

7AI score
Exploits0
0day.today
0day.today
added 2018/07/30 12:0 a.m.167 views

fusermount - user_allow_other Restriction Bypass and SELinux Label Control Exploit

Exploit for linux platform in category dos / poc / It is possible to bypass fusermount's restrictions on the use of the "allowother" mount option as follows if SELinux is active. Here's a minimal demo, tested on a Debian system with SELinux enabled in permissive mode:...

6.7AI score0.01414EPSS
Exploits3
Packet Storm
Packet Storm
added 2018/07/30 12:0 a.m.63 views

fusermount Restriction Bypass

fusermount userallowother restriction bypass and SELinux label control CVE-2018-10906 It is possible to bypass fusermount's restrictions on the use of the "allowother" mount option as follows if SELinux is active. Here's a minimal demo, tested on a Debian system with SELinux enabled in permissive...

0.2AI score0.01414EPSS
Exploits3
exploitpack
exploitpack
added 2018/07/30 12:0 a.m.24 views

fusermount - user_allow_other Restriction Bypass and SELinux Label Control

fusermount - userallowother Restriction Bypass and SELinux Label Control / It is possible to bypass fusermount's restrictions on the use of the "allowother" mount option as follows if SELinux is active. Here's a minimal demo, tested on a Debian system with SELinux enabled in permissive mode:...

0.2AI score
Exploits0
Debian
Debian
added 2018/07/28 2:21 p.m.33 views

[SECURITY] [DSA 4257-1] fuse security update

------------------------------------------------------------------------- Debian Security Advisory DSA-4257-1 [email protected] https://www.debian.org/security/ Salvatore Bonaccorso July 28, 2018 https://www.debian.org/security/faq -...

4.6CVSS1.3AI score0.01414EPSS
Exploits3
Debian CVE
Debian CVE
added 2018/07/24 8:0 p.m.31 views

CVE-2018-10906

In fuse before versions 2.9.8 and 3.x before 3.2.5, fusermount is vulnerable to a restriction bypass when SELinux is active. This allows non-root users to mount a FUSE file system with the 'allowother' mount option regardless of whether 'userallowother' is set in the fuse configuration. An attack...

7.8CVSS6.7AI score0.01414EPSS
Exploits3
OpenVAS
OpenVAS
added 2016/03/10 12:0 a.m.16 views

Gentoo Security Advisory GLSA 201603-04

Gentoo Linux Local Security Checks GLSA 201603-04 SPDX-FileCopyrightText: 2016 Eero Volotinen Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later ifdescription...

3.6CVSS7.2AI score0.01008EPSS
Exploits5References1
OpenVAS
OpenVAS
added 2015/09/08 12:0 a.m.24 views

Amazon Linux: Security Advisory (ALAS-2015-558)

The remote host is missing an update for the SPDX-FileCopyrightText: 2015 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

3.6CVSS6.7AI score0.01008EPSS
Exploits5References2
Amazon
Amazon
added 2015/07/07 12:0 a.m.34 views

Medium: fuse

Issue Overview: It was discovered that fusermount failed to properly sanitize its environment before executing mount and umount commands. A local user could possibly use this flaw to escalate their privileges on the system. Affected Packages: fuse Issue Correction: Run yum update fuse or yum upda...

3.6CVSS6.8AI score0.01008EPSS
Exploits5
OSV
OSV
added 2015/07/02 9:59 p.m.1 views

DEBIAN-CVE-2015-3202

fusermount in FUSE before 2.9.3-15 does not properly clear the environment before invoking 1 mount or 2 umount as root, which allows local users to write to arbitrary files via a crafted LIBMOUNTMTAB environment variable that is used by mount's debugging feature...

3.6CVSS6.7AI score0.01008EPSS
Exploits5References1
Prion
Prion
added 2015/07/02 9:59 p.m.22 views

Design/Logic Flaw

fusermount in FUSE before 2.9.3-15 does not properly clear the environment before invoking 1 mount or 2 umount as root, which allows local users to write to arbitrary files via a crafted LIBMOUNTMTAB environment variable that is used by mount's debugging feature...

3.6CVSS6.6AI score0.01008EPSS
Exploits5References22Affected Software2
CVE
CVE
added 2015/07/02 9:16 p.m.131 views

CVE-2015-3202

CVE-2015-3202 affects FUSE’s fusermount prior to 2.9.3-15, where environment variables are not fully cleared before invoking mount or umount as root. This allows a local unprivileged user to write to arbitrary files via a crafted LIBMOUNT_MTAB used by mount’s debugging feature, potentially enabli...

3.6CVSS6AI score0.01008EPSS
Exploits5References22Affected Software1
Cvelist
Cvelist
added 2015/07/02 9:16 p.m.20 views

CVE-2015-3202

fusermount in FUSE before 2.9.3-15 does not properly clear the environment before invoking 1 mount or 2 umount as root, which allows local users to write to arbitrary files via a crafted LIBMOUNTMTAB environment variable that is used by mount's debugging feature...

6.2AI score0.01008EPSS
Exploits5References22
Debian CVE
Debian CVE
added 2015/07/02 9:16 p.m.30 views

CVE-2015-3202

fusermount in FUSE before 2.9.3-15 does not properly clear the environment before invoking 1 mount or 2 umount as root, which allows local users to write to arbitrary files via a crafted LIBMOUNTMTAB environment variable that is used by mount's debugging feature...

3.6CVSS6.1AI score0.01008EPSS
Exploits5
Rows per page
Query Builder