Mandrake Linux Security Advisory : fuse (MDKSA-2005:216)
Low Nessus Plugin ID 20448
SynopsisThe remote Mandrake Linux host is missing one or more security updates.
DescriptionThomas Beige found that fusermount failed to securely handle special characters specified in mount points, which could allow a local attacker to corrupt the contents of /etc/mtab by mounting over a maliciously-named directory using fusermount. This could potentially allow the attacker to set unauthorized mount options.
This is only possible when fusermount is installed setuid root, which is the case in Mandriva Linux.
The updated packages have been patched to address these problems.
SolutionUpdate the affected packages.