fusermount in FUSE before 2.7.5, and 2.8.x before 2.8.2, allows local users to unmount an arbitrary FUSE filesystem share via a symlink attack on a mountpoint.
http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=567633
http://lists.fedoraproject.org/pipermail/package-announce/2010-February/034518.html
http://lists.fedoraproject.org/pipermail/package-announce/2010-February/034580.html
http://lists.opensuse.org/opensuse-security-announce/2010-02/msg00003.html
http://lists.opensuse.org/opensuse-security-announce/2010-05/msg00001.html
http://lists.opensuse.org/opensuse-security-announce/2010-06/msg00001.html
http://secunia.com/advisories/38261
http://secunia.com/advisories/38287
http://secunia.com/advisories/38359
http://secunia.com/advisories/38437
http://sourceforge.net/projects/fuse/files/fuse-2.X/2.7.5/fuse-2.7.5.tar.gz/download
http://sourceforge.net/projects/fuse/files/ReleaseNotes/fuse-2.8.3.html/view
http://www.debian.org/security/2010/dsa-1989
http://www.securityfocus.com/bid/37983
http://www.ubuntu.com/usn/USN-892-1
http://www.vupen.com/english/advisories/2010/1107
https://bugzilla.redhat.com/show_bug.cgi?id=532940
OR
cpe:2.3:a:fuse:fuse:1.9:*:*:*:*:*:*:*
cpe:2.3:a:fuse:fuse:2.0:pre0:*:*:*:*:*:*
cpe:2.3:a:fuse:fuse:2.0:pre1:*:*:*:*:*:*
cpe:2.3:a:fuse:fuse:2.1:*:*:*:*:*:*:*
cpe:2.3:a:fuse:fuse:2.2:*:*:*:*:*:*:*
cpe:2.3:a:fuse:fuse:2.2.1:*:*:*:*:*:*:*
cpe:2.3:a:fuse:fuse:2.3:pre:*:*:*:*:*:*
cpe:2.3:a:fuse:fuse:2.3:rc1:*:*:*:*:*:*
cpe:2.3:a:fuse:fuse:2.3.0:*:*:*:*:*:*:*
cpe:2.3:a:fuse:fuse:2.4.0:*:*:*:*:*:*:*
cpe:2.3:a:fuse:fuse:2.4.1:*:*:*:*:*:*:*
cpe:2.3:a:fuse:fuse:2.4.2:*:*:*:*:*:*:*
cpe:2.3:a:fuse:fuse:2.5.0:*:*:*:*:*:*:*
cpe:2.3:a:fuse:fuse:2.5.1:*:*:*:*:*:*:*
cpe:2.3:a:fuse:fuse:2.5.2:*:*:*:*:*:*:*
cpe:2.3:a:fuse:fuse:2.5.3:*:*:*:*:*:*:*
cpe:2.3:a:fuse:fuse:2.6.0:*:*:*:*:*:*:*
cpe:2.3:a:fuse:fuse:2.6.1:*:*:*:*:*:*:*
cpe:2.3:a:fuse:fuse:2.6.3:*:*:*:*:*:*:*
cpe:2.3:a:fuse:fuse:2.6.5:*:*:*:*:*:*:*
cpe:2.3:a:fuse:fuse:2.7.0:*:*:*:*:*:*:*
cpe:2.3:a:fuse:fuse:2.7.1:*:*:*:*:*:*:*
cpe:2.3:a:fuse:fuse:2.7.2:*:*:*:*:*:*:*
ID | Name | Product | Family | Severity |
---|---|---|---|---|
52479 | Ubuntu 8.04 LTS / 9.10 / 10.04 LTS / 10.10 : fuse vulnerabilities (USN-1077-1) | Nessus | Ubuntu Local Security Checks | low |
51743 | SuSE 10 Security Update : fuse (ZYPP Patch Number 6888) | Nessus | SuSE Local Security Checks | low |
51742 | SuSE 10 Security Update : fuse (ZYPP Patch Number 6886) | Nessus | SuSE Local Security Checks | low |
51741 | SuSE 10 Security Update : fuse (ZYPP Patch Number 6840) | Nessus | SuSE Local Security Checks | low |
51740 | SuSE 10 Security Update : fuse (ZYPP Patch Number 6838) | Nessus | SuSE Local Security Checks | low |
50907 | SuSE 11 Security Update : fuse (SAT Patch Number 2078) | Nessus | SuSE Local Security Checks | low |
47236 | Fedora 12 : fuse-2.8.1-4.fc12 (2010-1159) | Nessus | Fedora Local Security Checks | low |
47233 | Fedora 11 : fuse-2.8.1-2.fc11 (2010-1140) | Nessus | Fedora Local Security Checks | low |
46210 | openSUSE Security Update : fuse (openSUSE-SU-2010:0187-1) | Nessus | SuSE Local Security Checks | low |
46208 | openSUSE Security Update : fuse (openSUSE-SU-2010:0187-1) | Nessus | SuSE Local Security Checks | low |
46206 | openSUSE Security Update : fuse (openSUSE-SU-2010:0187-1) | Nessus | SuSE Local Security Checks | low |
44870 | Mandriva Linux Security Advisory : fuse (MDVSA-2010:047) | Nessus | Mandriva Local Security Checks | low |
44853 | Debian DSA-1989-1 : fuse - denial of service | Nessus | Debian Local Security Checks | low |
44616 | openSUSE Security Update : fuse (fuse-1897) | Nessus | SuSE Local Security Checks | low |
44611 | openSUSE Security Update : fuse (fuse-1897) | Nessus | SuSE Local Security Checks | low |
44606 | openSUSE Security Update : fuse (fuse-1897) | Nessus | SuSE Local Security Checks | low |
44389 | SuSE 11 Security Update : fuse (SAT Patch Number 1867) | Nessus | SuSE Local Security Checks | low |
44335 | Ubuntu 6.06 LTS / 8.04 LTS / 8.10 / 9.04 / 9.10 : fuse vulnerability (USN-892-1) | Nessus | Ubuntu Local Security Checks | low |