Mandrake Linux Security Advisory : fuse (MDKSA-2005:216)

This script is Copyright (C) 2006-2013 Tenable Network Security, Inc.


Synopsis :

The remote Mandrake Linux host is missing one or more security
updates.

Description :

Thomas Beige found that fusermount failed to securely handle special
characters specified in mount points, which could allow a local
attacker to corrupt the contents of /etc/mtab by mounting over a
maliciously-named directory using fusermount. This could potentially
allow the attacker to set unauthorized mount options.

This is only possible when fusermount is installed setuid root, which
is the case in Mandriva Linux.

The updated packages have been patched to address these problems.

Solution :

Update the affected packages.

Risk factor :

Low / CVSS Base Score : 2.1
(CVSS2#AV:L/AC:L/Au:N/C:N/I:P/A:N)

Family: Mandriva Local Security Checks

Nessus Plugin ID: 20448 (mandrake_MDKSA-2005-216.nasl)

Bugtraq ID:

CVE ID: CVE-2005-3531

Ready to Amp Up Your Nessus Experience?

Get Nessus Professional to scan unlimited IPs, run compliance checks & more

Buy Nessus Professional Now