Ubuntu
fuse package

  1. Bug #670622
  2. Comment #1

Comment 1 for bug 670622

Revision history for this message
In , Lnussel (lnussel) wrote :

Your friendly security team received the following report via oss-security.
Please respond ASAP.
The issue is public.

------------------------------------------------------------------------------
Date: Thu, 04 Nov 2010 15:45:33 -0400
From: Marc Deslauriers <email address hidden>
Subject: [oss-security] CVE request: fuse

Hello,

There is an issue with FUSE that lets unprivileged users unmount
arbitrary locations via a symlink attack. This is a different issue than
CVE-2009-3297 and CVE-2010-0789.

Ref.:

http://seclists.org/fulldisclosure/2010/Nov/15
http://www.halfdog.net/Security/FuseTimerace/

Thanks,

Marc.

--
Marc Deslauriers
Ubuntu Security Engineer | http://www.ubuntu.com/
Canonical Ltd. | http://www.canonical.com/