Veracode Vulnerability DatabaseVERACODE:24635Privilege Escalation
5.8 Medium
CVSS2
Access Vector
NETWORK
Access Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
NONE
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:M/Au:N/C:N/I:P/A:P
fuse is vulnerable to privilege escalation. The vulnerability exists as through the way fusermount handled the mounting and unmounting of directories when symbolic links were present. A local user in the fuse group could use these flaws to unmount file systems, which they would otherwise not be able to unmount and that were not mounted using FUSE, via a symbolic link attack.
| CPE | Name | Operator | Version |
|---|---|---|---|
| fuse | eq | 2.8.3__1.el6 |
References
bugs.debian.org/cgi-bin/bugreport.cgi?bug=602333
lists.fedoraproject.org/pipermail/package-announce/2011-February/053792.html
lists.grok.org.uk/pipermail/full-disclosure/2010-November/077247.html
lists.opensuse.org/opensuse-security-announce/2011-04/msg00000.html
openwall.com/lists/oss-security/2010/11/04/8
openwall.com/lists/oss-security/2010/11/05/2
osvdb.org/70520
secunia.com/advisories/42961
secunia.com/advisories/42965
www.halfdog.net/Security/FuseTimerace/
www.mandriva.com/security/advisories?name=MDVSA-2013:155
www.securityfocus.com/bid/44623
www.ubuntu.com/usn/USN-1045-1
www.ubuntu.com/usn/USN-1045-2
www.vupen.com/english/advisories/2011/0181
www.vupen.com/english/advisories/2011/0302
access.redhat.com/errata/RHSA-2011:1083
access.redhat.com/security/updates/classification/#moderate
bugs.launchpad.net/bugs/670622
bugzilla.novell.com/show_bug.cgi?id=651598
bugzilla.redhat.com/show_bug.cgi?id=651183
exchange.xforce.ibmcloud.com/vulnerabilities/62986
rhn.redhat.com/errata/RHBA-2011-0699.html
Related
5.8 Medium
CVSS2
Access Vector
NETWORK
Access Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
NONE
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:M/Au:N/C:N/I:P/A:P