Bug 8543 - FUSE "fusermount" Mountpoint Handling Vulnerability
Summary: FUSE "fusermount" Mountpoint Handling Vulnerability
Status: CLOSED FIXED
Alias: None
Product: Sisyphus
Classification: Development
Component: fuse (show other bugs)
Version: unstable
Hardware: all Linux
: P2 major
Assignee: Evgeny Sinelnikov
QA Contact: qa-sisyphus
URL: http://secunia.com/advisories/17691/
Keywords:
Depends on:
Blocks:
 
Reported: 2005-11-23 16:23 MSK by Igor Zubkov
Modified: 2006-01-24 14:22 MSK (History)
4 users (show)

See Also:

Attachments
Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.
Description Igor Zubkov 2005-11-23 16:24:01 MSK 
Thomas Biege has reported a vulnerability in FUSE, which potentially can be  
exploited by malicious, local users to perform certain actions on a vulnerable  
system with escalated privileges.  
   
The vulnerability is caused due to "fusermount" failing to properly handle user  
supplied mountpoints that contain certain characters such as newline, tab, and  
backslash. This can be exploited to corrupt the "/etc/mtab" file and  
potentially allowing the attacker to set unauthorized mount options.  
   
Successful exploitation requires that "fusermount" is suid root.  
 
Solution: 
Update to version 2.4.2. 
 
p.s.: в gentoo уже убновились 
p.s.2: оно у нас не suid'ное :)
Comment 1 Denis Smirnov 2005-11-29 22:13:10 MSK 
обновлена