ALT Linux Bugzilla – #8543
FUSE "fusermount" Mountpoint Handling Vulnerability
Last modified: 2006-01-24 14:22:01
You need to
before you can comment on or make changes to this bug.
Thomas Biege has reported a vulnerability in FUSE, which potentially can be
exploited by malicious, local users to perform certain actions on a vulnerable
system with escalated privileges.
The vulnerability is caused due to "fusermount" failing to properly handle user
supplied mountpoints that contain certain characters such as newline, tab, and
backslash. This can be exploited to corrupt the "/etc/mtab" file and
potentially allowing the attacker to set unauthorized mount options.
Successful exploitation requires that "fusermount" is suid root.
Update to version 2.4.2.
p.s.: в gentoo уже убновились
p.s.2: оно у нас не suid'ное :)