This script is Copyright (C) 2011-2012 Tenable Network Security, Inc.
The remote SuSE 10 host is missing a security-related patch.
The following security issues were fixed in fuse and util-linux :
- FUSE allowed local users to create mtab entries with
arbitrary pathnames, and consequently unmount any
filesystem, via a symlink attack on the parent directory
of the mountpoint of a FUSE filesystem. (CVE-2010-3879)
- Avoid mounting a directory including evaluation of
symlinks, which might have allowed local attackers to
mount filesystems anywhere in the system.
- Avoid symlink attacks on the mount point written in the
mtab file. (CVE-2011-0543)
Two additional bugs were fixed in util-linux :
- fixed retrying nfs mounts on rpc timeouts
- allow separate control of the internet protocol used by
rpc.mount, independently of the protocol used by nfs.
New features were implemented :
- mount now has --fake and --no-canonicalize options,
required for the symlink security fixes. These were
backported from mainline.
Apply ZYPP patch number 7362.
Risk factor :
Medium / CVSS Base Score : 5.8
Family: SuSE Local Security Checks
Nessus Plugin ID: 53256
CVE ID: CVE-2010-3879, CVE-2011-0541, CVE-2011-0543