blob: 3b0c673bf349aced611633b9b9574bf888f84672 [file] [log] [blame]
<?xml version="1.0" encoding="utf-8"?>
<glsa id="200511-17">
<title>FUSE: mtab corruption through fusermount</title>
The fusermount utility from FUSE can be abused to corrupt the /etc/mtab
file contents, potentially allowing a local attacker to set unauthorized
mount options.
<product type="ebuild">FUSE</product>
<announced>November 22, 2005</announced>
<revised>November 22, 2005: 01</revised>
<package name="sys-fs/fuse" auto="yes" arch="*">
<unaffected range="ge">2.4.1-r1</unaffected>
<vulnerable range="lt">2.4.1-r1</vulnerable>
FUSE (Filesystem in Userspace) allows implementation of a fully
functional filesystem in a userspace program. The fusermount utility is
used to mount/unmount FUSE file systems.
Thomas Biege discovered that fusermount fails to securely handle
special characters specified in mount points.
<impact type="normal">
A local attacker could corrupt the contents of the /etc/mtab file
by mounting over a maliciously-named directory using fusermount,
potentially allowing the attacker to set unauthorized mount options.
This is possible only if fusermount is installed setuid root, which is
the default in Gentoo.
There is no known workaround at this time.
All FUSE users should upgrade to the latest version:
# emerge --sync
# emerge --ask --oneshot --verbose &quot;&gt;=sys-fs/fuse-2.4.1-r1&quot;</code>
<uri link="">CVE-2005-3531</uri>
<metadata tag="requester" timestamp="Sun, 20 Nov 2005 12:06:35 +0000">
<metadata tag="submitter" timestamp="Mon, 21 Nov 2005 13:30:54 +0000">
<metadata tag="bugReady" timestamp="Tue, 22 Nov 2005 16:07:17 +0000">