CVE-2010-0789

LOW

Description

fusermount in FUSE before 2.7.5, and 2.8.x before 2.8.2, allows local users to unmount an arbitrary FUSE filesystem share via a symlink attack on a mountpoint.

References

http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=567633

http://lists.fedoraproject.org/pipermail/package-announce/2010-February/034518.html

http://lists.fedoraproject.org/pipermail/package-announce/2010-February/034580.html

http://lists.opensuse.org/opensuse-security-announce/2010-02/msg00003.html

http://lists.opensuse.org/opensuse-security-announce/2010-05/msg00001.html

http://lists.opensuse.org/opensuse-security-announce/2010-06/msg00001.html

http://secunia.com/advisories/38261

http://secunia.com/advisories/38287

http://secunia.com/advisories/38359

http://secunia.com/advisories/38437

http://sourceforge.net/projects/fuse/files/fuse-2.X/2.7.5/fuse-2.7.5.tar.gz/download

http://sourceforge.net/projects/fuse/files/ReleaseNotes/fuse-2.8.3.html/view

http://www.debian.org/security/2010/dsa-1989

http://www.securityfocus.com/bid/37983

http://www.ubuntu.com/usn/USN-892-1

http://www.vupen.com/english/advisories/2010/1107

https://bugzilla.redhat.com/show_bug.cgi?id=532940

https://bugzilla.redhat.com/show_bug.cgi?id=558833

https://exchange.xforce.ibmcloud.com/vulnerabilities/55945

Details

Source: MITRE

Published: 2010-03-02

Updated: 2017-08-17

Type: CWE-59

Risk Information

CVSS v2.0

Base Score: 3.3

Vector: AV:L/AC:M/Au:N/C:N/I:P/A:P

Impact Score: 4.9

Exploitability Score: 3.4

Severity: LOW

Vulnerable Software

Configuration 1

OR

cpe:2.3:a:fuse:fuse:1.9:*:*:*:*:*:*:*

cpe:2.3:a:fuse:fuse:2.0:pre0:*:*:*:*:*:*

cpe:2.3:a:fuse:fuse:2.0:pre1:*:*:*:*:*:*

cpe:2.3:a:fuse:fuse:2.1:*:*:*:*:*:*:*

cpe:2.3:a:fuse:fuse:2.2:*:*:*:*:*:*:*

cpe:2.3:a:fuse:fuse:2.2.1:*:*:*:*:*:*:*

cpe:2.3:a:fuse:fuse:2.3:pre:*:*:*:*:*:*

cpe:2.3:a:fuse:fuse:2.3:rc1:*:*:*:*:*:*

cpe:2.3:a:fuse:fuse:2.3.0:*:*:*:*:*:*:*

cpe:2.3:a:fuse:fuse:2.4.0:*:*:*:*:*:*:*

cpe:2.3:a:fuse:fuse:2.4.1:*:*:*:*:*:*:*

cpe:2.3:a:fuse:fuse:2.4.2:*:*:*:*:*:*:*

cpe:2.3:a:fuse:fuse:2.5.0:*:*:*:*:*:*:*

cpe:2.3:a:fuse:fuse:2.5.1:*:*:*:*:*:*:*

cpe:2.3:a:fuse:fuse:2.5.2:*:*:*:*:*:*:*

cpe:2.3:a:fuse:fuse:2.5.3:*:*:*:*:*:*:*

cpe:2.3:a:fuse:fuse:2.6.0:*:*:*:*:*:*:*

cpe:2.3:a:fuse:fuse:2.6.1:*:*:*:*:*:*:*

cpe:2.3:a:fuse:fuse:2.6.3:*:*:*:*:*:*:*

cpe:2.3:a:fuse:fuse:2.6.5:*:*:*:*:*:*:*

cpe:2.3:a:fuse:fuse:2.7.0:*:*:*:*:*:*:*

cpe:2.3:a:fuse:fuse:2.7.1:*:*:*:*:*:*:*

cpe:2.3:a:fuse:fuse:2.7.2:*:*:*:*:*:*:*

cpe:2.3:a:fuse:fuse:2.7.3:*:*:*:*:*:*:*

cpe:2.3:a:fuse:fuse:2.7.4:*:*:*:*:*:*:*

Tenable Plugins

View all (18 total)

IDNameProductFamilySeverity
52479Ubuntu 8.04 LTS / 9.10 / 10.04 LTS / 10.10 : fuse vulnerabilities (USN-1077-1)NessusUbuntu Local Security Checks
low
51743SuSE 10 Security Update : fuse (ZYPP Patch Number 6888)NessusSuSE Local Security Checks
low
51742SuSE 10 Security Update : fuse (ZYPP Patch Number 6886)NessusSuSE Local Security Checks
low
51741SuSE 10 Security Update : fuse (ZYPP Patch Number 6840)NessusSuSE Local Security Checks
low
51740SuSE 10 Security Update : fuse (ZYPP Patch Number 6838)NessusSuSE Local Security Checks
low
50907SuSE 11 Security Update : fuse (SAT Patch Number 2078)NessusSuSE Local Security Checks
low
47236Fedora 12 : fuse-2.8.1-4.fc12 (2010-1159)NessusFedora Local Security Checks
low
47233Fedora 11 : fuse-2.8.1-2.fc11 (2010-1140)NessusFedora Local Security Checks
low
46210openSUSE Security Update : fuse (openSUSE-SU-2010:0187-1)NessusSuSE Local Security Checks
low
46208openSUSE Security Update : fuse (openSUSE-SU-2010:0187-1)NessusSuSE Local Security Checks
low
46206openSUSE Security Update : fuse (openSUSE-SU-2010:0187-1)NessusSuSE Local Security Checks
low
44870Mandriva Linux Security Advisory : fuse (MDVSA-2010:047)NessusMandriva Local Security Checks
low
44853Debian DSA-1989-1 : fuse - denial of serviceNessusDebian Local Security Checks
low
44616openSUSE Security Update : fuse (fuse-1897)NessusSuSE Local Security Checks
low
44611openSUSE Security Update : fuse (fuse-1897)NessusSuSE Local Security Checks
low
44606openSUSE Security Update : fuse (fuse-1897)NessusSuSE Local Security Checks
low
44389SuSE 11 Security Update : fuse (SAT Patch Number 1867)NessusSuSE Local Security Checks
low
44335Ubuntu 6.06 LTS / 8.04 LTS / 8.10 / 9.04 / 9.10 : fuse vulnerability (USN-892-1)NessusUbuntu Local Security Checks
low