Gentoo Forums
Gentoo Forums
Gentoo Forums
Quick Search: in
[ GLSA 200511-17 ] FUSE: mtab corruption through fusermount
View unanswered posts
View posts from last 24 hours

 
Reply to topic    Gentoo Forums Forum Index News & Announcements
View previous topic :: View next topic  
Author Message
GLSA
Advocate
Advocate


Joined: 12 May 2004
Posts: 2663

PostPosted: Tue Nov 22, 2005 4:59 pm    Post subject: [ GLSA 200511-17 ] FUSE: mtab corruption through fusermount Reply with quote

Gentoo Linux Security Advisory

Title: FUSE: mtab corruption through fusermount (GLSA 200511-17)
Severity: normal
Exploitable: local
Date: November 22, 2005
Bug(s): #112902
ID: 200511-17

Synopsis

The fusermount utility from FUSE can be abused to corrupt the /etc/mtab file contents, potentially allowing a local attacker to set unauthorized mount options.

Background

FUSE (Filesystem in Userspace) allows implementation of a fully functional filesystem in a userspace program. The fusermount utility is used to mount/unmount FUSE file systems.

Affected Packages

Package: sys-fs/fuse
Vulnerable: < 2.4.1-r1
Unaffected: >= 2.4.1-r1
Architectures: All supported architectures


Description

Thomas Biege discovered that fusermount fails to securely handle special characters specified in mount points.

Impact

A local attacker could corrupt the contents of the /etc/mtab file by mounting over a maliciously-named directory using fusermount, potentially allowing the attacker to set unauthorized mount options. This is possible only if fusermount is installed setuid root, which is the default in Gentoo.

Workaround

There is no known workaround at this time.

Resolution

All FUSE users should upgrade to the latest version:
Code:
# emerge --sync
# emerge --ask --oneshot --verbose ">=sys-fs/fuse-2.4.1-r1"


References

CVE-2005-3531


Last edited by GLSA on Mon Nov 06, 2006 4:17 am; edited 3 times in total
Back to top
View user's profile Send private message
Display posts from previous:   
Reply to topic    Gentoo Forums Forum Index News & Announcements All times are GMT
Page 1 of 1

 
Jump to:  
You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot vote in polls in this forum