CVE-2018-10906 – fusermount - user_allow_other Restriction Bypass and SELinux Label Control
https://notcve.org/view.php?id=CVE-2018-10906
In fuse before versions 2.9.8 and 3.x before 3.2.5, fusermount is vulnerable to a restriction bypass when SELinux is active. This allows non-root users to mount a FUSE file system with the 'allow_other' mount option regardless of whether 'user_allow_other' is set in the fuse configuration. An attacker may use this flaw to mount a FUSE file system, accessible by other users, and trick them into accessing files on that file system, possibly causing Denial of Service or other unspecified effects. En fuse, en versiones anteriores a la 2.9.8 y en versiones 3.x anteriores a la 3.2.5, fusermount es vulnerable a una omisión de restricciones cuando SELinux está activo. Esto permite que usuarios no root monten un sistema de archivos FUSE con la opción "allow_other", independientemente de si "user_allow_other" está establecido en la configuración de fuse. • https://www.exploit-db.com/exploits/45106 https://access.redhat.com/errata/RHSA-2018:3324 https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-10906 https://lists.debian.org/debian-lts-announce/2018/08/msg00015.html https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/5XYA6PXT5PPWVK7CM7K4YRCYWA37DODB https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/A253TZWZK6R7PT2S5JIEAQJR2TYKX7V2 https://lists.fedoraproject.org/archives/list/package • CWE-269: Improper Privilege Management CWE-285: Improper Authorization •
CVE-2015-3202 – Fuse 2.9.3-15 - Local Privilege Escalation
https://notcve.org/view.php?id=CVE-2015-3202
fusermount in FUSE before 2.9.3-15 does not properly clear the environment before invoking (1) mount or (2) umount as root, which allows local users to write to arbitrary files via a crafted LIBMOUNT_MTAB environment variable that is used by mount's debugging feature. fusermount en FUSE anterior a 2.9.3-15 no limpia correctamente el entorno antes de llamar a (1) mount o (2) umount como root, lo que permite a usuarios locales escribir en ficheros arbitrarios a través de una variable de entorno LIBMOUNT_MTAB manipulada que es utilizada por la característica de depuración de mount. • https://www.exploit-db.com/exploits/37089 http://lists.fedoraproject.org/pipermail/package-announce/2015-June/159298.html http://lists.fedoraproject.org/pipermail/package-announce/2015-June/159543.html http://lists.fedoraproject.org/pipermail/package-announce/2015-June/159683.html http://lists.fedoraproject.org/pipermail/package-announce/2015-June/159831.html http://lists.fedoraproject.org/pipermail/package-announce/2015-June/160094.html http://lists.fedoraproject.org/pipermail/package-announce/2015-June/160106. • CWE-264: Permissions, Privileges, and Access Controls •
CVE-2011-0543 – fuse: unprivileged user can unmount arbitrary locations via symlink attack
https://notcve.org/view.php?id=CVE-2011-0543
Certain legacy functionality in fusermount in fuse 2.8.5 and earlier, when util-linux does not support the --no-canonicalize option, allows local users to bypass intended access restrictions and unmount arbitrary directories via a symlink attack. Cierta funcionalidad en Fusermount en fuse v2.8.5 y anteriores, cuando util-linux no es compatible con la opción --no-canonicalize, permite a usuarios locales eludir restricciones de acceso y desmontar directorios de su elección mediante un ataque de enlaces simbólicos. • http://fuse.git.sourceforge.net/git/gitweb.cgi?p=fuse/fuse%3Ba=commit%3Bh=cbd3a2a84068aae6e3fe32939d88470d712dbf47 http://lists.opensuse.org/opensuse-security-announce/2011-04/msg00000.html http://www.openwall.com/lists/oss-security/2011/02/02/2 http://www.openwall.com/lists/oss-security/2011/02/03/5 http://www.openwall.com/lists/oss-security/2011/02/08/4 https://access.redhat.com/security/cve/CVE-2011-0543 https://bugzilla.redhat.com/show_bug.cgi?id=651183 • CWE-264: Permissions, Privileges, and Access Controls •
CVE-2011-0541 – fuse: unprivileged user can unmount arbitrary locations via symlink attack
https://notcve.org/view.php?id=CVE-2011-0541
fuse 2.8.5 and earlier does not properly handle when /etc/mtab cannot be updated, which allows local users to unmount arbitrary directories via a symlink attack. Fuse v2.8.5 y anteriores no se comporta de forma adecuada cuando /etc/mtlab no puede ser actualizado, lo que permite a usuarios locales desmontar directorios de su elección a través de un ataque de enlaces simbólicos. • http://fuse.git.sourceforge.net/git/gitweb.cgi?p=fuse/fuse%3Ba=commit%3Bh=bf5ffb5fd8558bd799791834def431c0cee5a11f http://lists.opensuse.org/opensuse-security-announce/2011-04/msg00000.html http://www.openwall.com/lists/oss-security/2011/02/02/2 http://www.openwall.com/lists/oss-security/2011/02/03/5 http://www.openwall.com/lists/oss-security/2011/02/08/4 https://access.redhat.com/security/cve/CVE-2011-0541 https://bugzilla.redhat.com/show_bug.cgi?id=651183 • CWE-59: Improper Link Resolution Before File Access ('Link Following') •
CVE-2011-0542 – fuse: unprivileged user can unmount arbitrary locations via symlink attack
https://notcve.org/view.php?id=CVE-2011-0542
fusermount in fuse 2.8.5 and earlier does not perform a chdir to / before performing a mount or umount, which allows local users to unmount arbitrary directories via unspecified vectors. Fusermount en Fuse v2.8.5 y anteriores no realizar un chdir a / después de realizar el montado o desmontado, lo que permite a usuarios locales desmontar directorios de su elección a través de vectores no especificados. • http://fuse.git.sourceforge.net/git/gitweb.cgi?p=fuse/fuse%3Ba=commit%3Bh=1e7607ff89c65b005f69e27aeb1649d624099873 http://www.openwall.com/lists/oss-security/2011/02/02/2 http://www.openwall.com/lists/oss-security/2011/02/03/5 http://www.openwall.com/lists/oss-security/2011/02/08/4 https://access.redhat.com/security/cve/CVE-2011-0542 https://bugzilla.redhat.com/show_bug.cgi?id=651183 • CWE-264: Permissions, Privileges, and Access Controls •