CVE-2016-1233
https://notcve.org/view.php?id=CVE-2016-1233
An unspecified udev rule in the Debian fuse package in jessie before 2.9.3-15+deb8u2, in stretch before 2.9.5-1, and in sid before 2.9.5-1 sets world-writable permissions for the /dev/cuse character device, which allows local users to gain privileges via a character device in /dev, related to an ioctl. Una regla udev no especificada en el paquete fuse de Debian en jessie en versiones anteriores a 2.9.3-15+deb8u2, en stretch en versiones anteriores a 2.9.5-1 y en sid en versiones anteriores a 2.9.5-1 fija los permisos de escritura para todos para el dispositivo de carácter /dev/cuse, lo que podría permitir a usuarios locales obtener privilegios a través de un dispositivo de carácter in /dev, relacionado con un ioctl. • http://www.debian.org/security/2016/dsa-3451 • CWE-264: Permissions, Privileges, and Access Controls •
CVE-2015-3202 – Fuse 2.9.3-15 - Local Privilege Escalation
https://notcve.org/view.php?id=CVE-2015-3202
fusermount in FUSE before 2.9.3-15 does not properly clear the environment before invoking (1) mount or (2) umount as root, which allows local users to write to arbitrary files via a crafted LIBMOUNT_MTAB environment variable that is used by mount's debugging feature. fusermount en FUSE anterior a 2.9.3-15 no limpia correctamente el entorno antes de llamar a (1) mount o (2) umount como root, lo que permite a usuarios locales escribir en ficheros arbitrarios a través de una variable de entorno LIBMOUNT_MTAB manipulada que es utilizada por la característica de depuración de mount. • https://www.exploit-db.com/exploits/37089 http://lists.fedoraproject.org/pipermail/package-announce/2015-June/159298.html http://lists.fedoraproject.org/pipermail/package-announce/2015-June/159543.html http://lists.fedoraproject.org/pipermail/package-announce/2015-June/159683.html http://lists.fedoraproject.org/pipermail/package-announce/2015-June/159831.html http://lists.fedoraproject.org/pipermail/package-announce/2015-June/160094.html http://lists.fedoraproject.org/pipermail/package-announce/2015-June/160106. • CWE-264: Permissions, Privileges, and Access Controls •
CVE-2011-0543 – fuse: unprivileged user can unmount arbitrary locations via symlink attack
https://notcve.org/view.php?id=CVE-2011-0543
Certain legacy functionality in fusermount in fuse 2.8.5 and earlier, when util-linux does not support the --no-canonicalize option, allows local users to bypass intended access restrictions and unmount arbitrary directories via a symlink attack. Cierta funcionalidad en Fusermount en fuse v2.8.5 y anteriores, cuando util-linux no es compatible con la opción --no-canonicalize, permite a usuarios locales eludir restricciones de acceso y desmontar directorios de su elección mediante un ataque de enlaces simbólicos. • http://fuse.git.sourceforge.net/git/gitweb.cgi?p=fuse/fuse%3Ba=commit%3Bh=cbd3a2a84068aae6e3fe32939d88470d712dbf47 http://lists.opensuse.org/opensuse-security-announce/2011-04/msg00000.html http://www.openwall.com/lists/oss-security/2011/02/02/2 http://www.openwall.com/lists/oss-security/2011/02/03/5 http://www.openwall.com/lists/oss-security/2011/02/08/4 https://access.redhat.com/security/cve/CVE-2011-0543 https://bugzilla.redhat.com/show_bug.cgi?id=651183 • CWE-264: Permissions, Privileges, and Access Controls •
CVE-2011-0541 – fuse: unprivileged user can unmount arbitrary locations via symlink attack
https://notcve.org/view.php?id=CVE-2011-0541
fuse 2.8.5 and earlier does not properly handle when /etc/mtab cannot be updated, which allows local users to unmount arbitrary directories via a symlink attack. Fuse v2.8.5 y anteriores no se comporta de forma adecuada cuando /etc/mtlab no puede ser actualizado, lo que permite a usuarios locales desmontar directorios de su elección a través de un ataque de enlaces simbólicos. • http://fuse.git.sourceforge.net/git/gitweb.cgi?p=fuse/fuse%3Ba=commit%3Bh=bf5ffb5fd8558bd799791834def431c0cee5a11f http://lists.opensuse.org/opensuse-security-announce/2011-04/msg00000.html http://www.openwall.com/lists/oss-security/2011/02/02/2 http://www.openwall.com/lists/oss-security/2011/02/03/5 http://www.openwall.com/lists/oss-security/2011/02/08/4 https://access.redhat.com/security/cve/CVE-2011-0541 https://bugzilla.redhat.com/show_bug.cgi?id=651183 • CWE-59: Improper Link Resolution Before File Access ('Link Following') •
CVE-2011-0542 – fuse: unprivileged user can unmount arbitrary locations via symlink attack
https://notcve.org/view.php?id=CVE-2011-0542
fusermount in fuse 2.8.5 and earlier does not perform a chdir to / before performing a mount or umount, which allows local users to unmount arbitrary directories via unspecified vectors. Fusermount en Fuse v2.8.5 y anteriores no realizar un chdir a / después de realizar el montado o desmontado, lo que permite a usuarios locales desmontar directorios de su elección a través de vectores no especificados. • http://fuse.git.sourceforge.net/git/gitweb.cgi?p=fuse/fuse%3Ba=commit%3Bh=1e7607ff89c65b005f69e27aeb1649d624099873 http://www.openwall.com/lists/oss-security/2011/02/02/2 http://www.openwall.com/lists/oss-security/2011/02/03/5 http://www.openwall.com/lists/oss-security/2011/02/08/4 https://access.redhat.com/security/cve/CVE-2011-0542 https://bugzilla.redhat.com/show_bug.cgi?id=651183 • CWE-264: Permissions, Privileges, and Access Controls •