CVSS: 7.8EPSS: 0%CPEs: 7EXPL: 2CVE-2018-10906 – fusermount - user_allow_other Restriction Bypass and SELinux Label Control
https://notcve.org/view.php?id=CVE-2018-10906
24 Jul 2018 — In fuse before versions 2.9.8 and 3.x before 3.2.5, fusermount is vulnerable to a restriction bypass when SELinux is active. This allows non-root users to mount a FUSE file system with the 'allow_other' mount option regardless of whether 'user_allow_other' is set in the fuse configuration. An attacker may use this flaw to mount a FUSE file system, accessible by other users, and trick them into accessing files on that file system, possibly causing Denial of Service or other unspecified effects. En fuse, en v... • https://packetstorm.news/files/id/148749 • CWE-269: Improper Privilege Management CWE-285: Improper Authorization •
CVSS: 9.8EPSS: 0%CPEs: 2EXPL: 4CVE-2015-3202 – Fuse 2.9.3-15 - Local Privilege Escalation
https://notcve.org/view.php?id=CVE-2015-3202
21 May 2015 — fusermount in FUSE before 2.9.3-15 does not properly clear the environment before invoking (1) mount or (2) umount as root, which allows local users to write to arbitrary files via a crafted LIBMOUNT_MTAB environment variable that is used by mount's debugging feature. fusermount en FUSE anterior a 2.9.3-15 no limpia correctamente el entorno antes de llamar a (1) mount o (2) umount como root, lo que permite a usuarios locales escribir en ficheros arbitrarios a través de una variable de entorno LIBMOUNT_MTAB ... • https://packetstorm.news/files/id/132021 • CWE-264: Permissions, Privileges, and Access Controls •
CVSS: 9.1EPSS: 0%CPEs: 33EXPL: 0CVE-2011-0541 – fuse: unprivileged user can unmount arbitrary locations via symlink attack
https://notcve.org/view.php?id=CVE-2011-0541
02 Sep 2011 — fuse 2.8.5 and earlier does not properly handle when /etc/mtab cannot be updated, which allows local users to unmount arbitrary directories via a symlink attack. Fuse v2.8.5 y anteriores no se comporta de forma adecuada cuando /etc/mtlab no puede ser actualizado, lo que permite a usuarios locales desmontar directorios de su elección a través de un ataque de enlaces simbólicos. • http://fuse.git.sourceforge.net/git/gitweb.cgi?p=fuse/fuse%3Ba=commit%3Bh=bf5ffb5fd8558bd799791834def431c0cee5a11f • CWE-59: Improper Link Resolution Before File Access ('Link Following') •
CVSS: 9.1EPSS: 0%CPEs: 33EXPL: 0CVE-2011-0542 – fuse: unprivileged user can unmount arbitrary locations via symlink attack
https://notcve.org/view.php?id=CVE-2011-0542
02 Sep 2011 — fusermount in fuse 2.8.5 and earlier does not perform a chdir to / before performing a mount or umount, which allows local users to unmount arbitrary directories via unspecified vectors. Fusermount en Fuse v2.8.5 y anteriores no realizar un chdir a / después de realizar el montado o desmontado, lo que permite a usuarios locales desmontar directorios de su elección a través de vectores no especificados. • http://fuse.git.sourceforge.net/git/gitweb.cgi?p=fuse/fuse%3Ba=commit%3Bh=1e7607ff89c65b005f69e27aeb1649d624099873 • CWE-264: Permissions, Privileges, and Access Controls •
CVSS: 5.5EPSS: 0%CPEs: 33EXPL: 0CVE-2011-0543 – fuse: unprivileged user can unmount arbitrary locations via symlink attack
https://notcve.org/view.php?id=CVE-2011-0543
02 Sep 2011 — Certain legacy functionality in fusermount in fuse 2.8.5 and earlier, when util-linux does not support the --no-canonicalize option, allows local users to bypass intended access restrictions and unmount arbitrary directories via a symlink attack. Cierta funcionalidad en Fusermount en fuse v2.8.5 y anteriores, cuando util-linux no es compatible con la opción --no-canonicalize, permite a usuarios locales eludir restricciones de acceso y desmontar directorios de su elección mediante un ataque de enlaces simból... • http://fuse.git.sourceforge.net/git/gitweb.cgi?p=fuse/fuse%3Ba=commit%3Bh=cbd3a2a84068aae6e3fe32939d88470d712dbf47 • CWE-264: Permissions, Privileges, and Access Controls •
CVSS: 8.1EPSS: 0%CPEs: 25EXPL: 0CVE-2010-0789
https://notcve.org/view.php?id=CVE-2010-0789
02 Mar 2010 — fusermount in FUSE before 2.7.5, and 2.8.x before 2.8.2, allows local users to unmount an arbitrary FUSE filesystem share via a symlink attack on a mountpoint. fusermount en FUSE anteriores a v2.7.5, y v2.8.x anteriores a v2.8.2, permite a usuarios locales desmontar sistemas de ficheros compartidos FUSE arbitrarios a través de un ataque de enlace simbólico en un punto de montaje. • http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=567633 • CWE-59: Improper Link Resolution Before File Access ('Link Following') •
CVSS: 5.5EPSS: 0%CPEs: 4EXPL: 1CVE-2005-1858 – FUSE 2.2/2.3 - Local Information Disclosure
https://notcve.org/view.php?id=CVE-2005-1858
03 Jun 2005 — FUSE 2.x before 2.3.0 does not properly clear previously used memory from unfilled pages when the filesystem returns a short byte count to a read request, which may allow local users to obtain sensitive information. • https://www.exploit-db.com/exploits/25789 •