Rapid7 Vulnerability & Exploit Database

RHSA-2011:1083: fuse security update

Severity: 6
CVSS: (AV:N/AC:M/Au:N/C:N/I:P/A:P)
Published: 01/22/2011
Created: 07/25/2018
Added: 07/29/2011
Modified: 07/04/2017

Description

FUSE (Filesystem in Userspace) can implement a fully functional file system in a user-space program. These packages provide the mount utility, fusermount, the tool used to mount FUSE file systems.

Multiple flaws were found in the way fusermount handled the mounting and unmounting of directories when symbolic links were present. A local user in the fuse group could use these flaws to unmount file systems, which they would otherwise not be able to unmount and that were not mounted using FUSE, via a symbolic link attack. (CVE-2010-3879, CVE-2011-0541, CVE-2011-0542, CVE-2011-0543)

Note: The util-linux-ng RHBA-2011:0699 update must also be installed to fully correct the above flaws.

All users should upgrade to these updated packages, which contain backported patches to correct these issues.

Solution(s)

  • redhat-upgrade-fuse
  • redhat-upgrade-fuse-debuginfo
  • redhat-upgrade-fuse-devel
  • redhat-upgrade-fuse-libs
