Veracode Vulnerability DatabaseVERACODE:24636Privilege Escalation
3.3 Low
CVSS2
Access Vector
LOCAL
Access Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
NONE
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:L/AC:M/Au:N/C:N/I:P/A:P
fuse is vulnerable to privilege escalation. The vulnerability exists through the way fusermount handled the mounting and unmounting of directories when symbolic links were present. A local user in the fuse group could use these flaws to unmount file systems, which they would otherwise not be able to unmount and that were not mounted using FUSE, via a symbolic link attack.
| CPE | Name | Operator | Version |
|---|---|---|---|
| fuse | eq | 2.8.3__1.el6 | |
| fuse | eq | 2.8.3__1.el6 |
References
fuse.git.sourceforge.net/git/gitweb.cgi?p=fuse/fuse%3Ba=commit%3Bh=bf5ffb5fd8558bd799791834def431c0cee5a11f
fuse.git.sourceforge.net/git/gitweb.cgi?p=fuse/fuse;a=commit;h=bf5ffb5fd8558bd799791834def431c0cee5a11f
lists.opensuse.org/opensuse-security-announce/2011-04/msg00000.html
www.openwall.com/lists/oss-security/2011/02/02/2
www.openwall.com/lists/oss-security/2011/02/03/5
www.openwall.com/lists/oss-security/2011/02/08/4
access.redhat.com/errata/RHSA-2011:1083
access.redhat.com/security/updates/classification/#moderate
rhn.redhat.com/errata/RHBA-2011-0699.html
Related
3.3 Low
CVSS2
Access Vector
LOCAL
Access Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
NONE
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:L/AC:M/Au:N/C:N/I:P/A:P