Bug 22834

Summary:	CVE-2009-3297: fusermount privilege escalation
Product:	Sisyphus	Reporter:	Dmitry V. Levin <ldv>
Component:	fuse	Assignee:	Evgeny Sinelnikov <sin>
Status:	CLOSED FIXED	QA Contact:	qa-sisyphus
Severity:	blocker
Priority:	P3	CC:	cas, mike, rider, sin
Version:	unstable	Keywords:	security
Hardware:	all
OS:	Linux
URL:	https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2009-3297

Description Dmitry V. Levin 2010-01-27 00:41:13 MSK

Daniel Rosenberg found a race condition in the FUSE's fusermount's utility by performing FUSE filesystem(s) unmount operation.  A local, unprivileged user could use this flaw to cause a denial of service (unprivileged unmount of FUSE filesystem share(s) owned by privileged user) via symlink attack involving FUSE share(s) belonging to privileged user.

Comment 1 Repository Robot 2010-01-27 13:32:04 MSK

fuse-2.8.2-alt1 -> sisyphus:

* Wed Jan 27 2010 Denis Smirnov <mithraen@altlinux> 2.8.2-alt1

- 2.8.2
- CVE-2009-3297 (ALT #22834)

Comment 2 Andrey Cherepanov 2010-01-27 15:10:18 MSK

Денис, можете собрать в 5.1?

Comment 3 Denis Smirnov 2010-01-27 15:31:47 MSK

http://git.altlinux.org/tasks/archive/done/19251/task/log

Comment 4 Andrey Cherepanov 2010-01-27 15:46:26 MSK

Спасибо. task #19253 — в p5.