Search criteria
2 vulnerabilities by fuse_project
CVE-2018-10906 (GCVE-0-2018-10906)
Vulnerability from cvelistv5 – Published: 2018-07-24 20:00 – Updated: 2024-08-05 07:54
VLAI
Summary
In fuse before versions 2.9.8 and 3.x before 3.2.5, fusermount is vulnerable to a restriction bypass when SELinux is active. This allows non-root users to mount a FUSE file system with the 'allow_other' mount option regardless of whether 'user_allow_other' is set in the fuse configuration. An attacker may use this flaw to mount a FUSE file system, accessible by other users, and trick them into accessing files on that file system, possibly causing Denial of Service or other unspecified effects.
Severity
5.3 (Medium)
CWE
Assigner
References
8 references
| URL | Tags |
|---|---|
| https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2… | x_refsource_CONFIRM |
| https://lists.debian.org/debian-lts-announce/2018… | mailing-listx_refsource_MLIST |
| https://www.debian.org/security/2018/dsa-4257 | vendor-advisoryx_refsource_DEBIAN |
| https://www.exploit-db.com/exploits/45106/ | exploitx_refsource_EXPLOIT-DB |
| https://access.redhat.com/errata/RHSA-2018:3324 | vendor-advisoryx_refsource_REDHAT |
| https://lists.fedoraproject.org/archives/list/pac… | vendor-advisoryx_refsource_FEDORA |
| https://lists.fedoraproject.org/archives/list/pac… | vendor-advisoryx_refsource_FEDORA |
| https://lists.fedoraproject.org/archives/list/pac… | vendor-advisoryx_refsource_FEDORA |
Impacted products
Date Public
2018-07-18 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T07:54:35.543Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-10906"
},
{
"name": "[debian-lts-announce] 20180815 [SECURITY] [DLA 1468-1] fuse security update",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2018/08/msg00015.html"
},
{
"name": "DSA-4257",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN",
"x_transferred"
],
"url": "https://www.debian.org/security/2018/dsa-4257"
},
{
"name": "45106",
"tags": [
"exploit",
"x_refsource_EXPLOIT-DB",
"x_transferred"
],
"url": "https://www.exploit-db.com/exploits/45106/"
},
{
"name": "RHSA-2018:3324",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "https://access.redhat.com/errata/RHSA-2018:3324"
},
{
"name": "FEDORA-2019-dd00364b71",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA",
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/BREAIWIK64DRJWHIGR47L2D5YICY4HQ3/"
},
{
"name": "FEDORA-2019-31722b8f33",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA",
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/5XYA6PXT5PPWVK7CM7K4YRCYWA37DODB/"
},
{
"name": "FEDORA-2019-fd54b80806",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA",
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/A253TZWZK6R7PT2S5JIEAQJR2TYKX7V2/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "fuse",
"vendor": "[UNKNOWN]",
"versions": [
{
"status": "affected",
"version": "fuse 2.9.8"
},
{
"status": "affected",
"version": "fuse 3.2.5"
}
]
}
],
"datePublic": "2018-07-18T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "In fuse before versions 2.9.8 and 3.x before 3.2.5, fusermount is vulnerable to a restriction bypass when SELinux is active. This allows non-root users to mount a FUSE file system with the \u0027allow_other\u0027 mount option regardless of whether \u0027user_allow_other\u0027 is set in the fuse configuration. An attacker may use this flaw to mount a FUSE file system, accessible by other users, and trick them into accessing files on that file system, possibly causing Denial of Service or other unspecified effects."
}
],
"metrics": [
{
"cvssV3_0": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "LOW",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L",
"version": "3.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-285",
"description": "CWE-285",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2019-04-05T04:06:08.000Z",
"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"shortName": "redhat"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-10906"
},
{
"name": "[debian-lts-announce] 20180815 [SECURITY] [DLA 1468-1] fuse security update",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.debian.org/debian-lts-announce/2018/08/msg00015.html"
},
{
"name": "DSA-4257",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN"
],
"url": "https://www.debian.org/security/2018/dsa-4257"
},
{
"name": "45106",
"tags": [
"exploit",
"x_refsource_EXPLOIT-DB"
],
"url": "https://www.exploit-db.com/exploits/45106/"
},
{
"name": "RHSA-2018:3324",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2018:3324"
},
{
"name": "FEDORA-2019-dd00364b71",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/BREAIWIK64DRJWHIGR47L2D5YICY4HQ3/"
},
{
"name": "FEDORA-2019-31722b8f33",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/5XYA6PXT5PPWVK7CM7K4YRCYWA37DODB/"
},
{
"name": "FEDORA-2019-fd54b80806",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/A253TZWZK6R7PT2S5JIEAQJR2TYKX7V2/"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "secalert@redhat.com",
"ID": "CVE-2018-10906",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "fuse",
"version": {
"version_data": [
{
"version_value": "fuse 2.9.8"
},
{
"version_value": "fuse 3.2.5"
}
]
}
}
]
},
"vendor_name": "[UNKNOWN]"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "In fuse before versions 2.9.8 and 3.x before 3.2.5, fusermount is vulnerable to a restriction bypass when SELinux is active. This allows non-root users to mount a FUSE file system with the \u0027allow_other\u0027 mount option regardless of whether \u0027user_allow_other\u0027 is set in the fuse configuration. An attacker may use this flaw to mount a FUSE file system, accessible by other users, and trick them into accessing files on that file system, possibly causing Denial of Service or other unspecified effects."
}
]
},
"impact": {
"cvss": [
[
{
"vectorString": "5.3/CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L",
"version": "3.0"
}
]
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-285"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-10906",
"refsource": "CONFIRM",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-10906"
},
{
"name": "[debian-lts-announce] 20180815 [SECURITY] [DLA 1468-1] fuse security update",
"refsource": "MLIST",
"url": "https://lists.debian.org/debian-lts-announce/2018/08/msg00015.html"
},
{
"name": "DSA-4257",
"refsource": "DEBIAN",
"url": "https://www.debian.org/security/2018/dsa-4257"
},
{
"name": "45106",
"refsource": "EXPLOIT-DB",
"url": "https://www.exploit-db.com/exploits/45106/"
},
{
"name": "RHSA-2018:3324",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2018:3324"
},
{
"name": "FEDORA-2019-dd00364b71",
"refsource": "FEDORA",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/BREAIWIK64DRJWHIGR47L2D5YICY4HQ3/"
},
{
"name": "FEDORA-2019-31722b8f33",
"refsource": "FEDORA",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/5XYA6PXT5PPWVK7CM7K4YRCYWA37DODB/"
},
{
"name": "FEDORA-2019-fd54b80806",
"refsource": "FEDORA",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/A253TZWZK6R7PT2S5JIEAQJR2TYKX7V2/"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"assignerShortName": "redhat",
"cveId": "CVE-2018-10906",
"datePublished": "2018-07-24T20:00:00.000Z",
"dateReserved": "2018-05-09T00:00:00.000Z",
"dateUpdated": "2024-08-05T07:54:35.543Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2015-3202 (GCVE-0-2015-3202)
Vulnerability from cvelistv5 – Published: 2015-07-02 21:16 – Updated: 2024-08-06 05:39
VLAI
Summary
fusermount in FUSE before 2.9.3-15 does not properly clear the environment before invoking (1) mount or (2) umount as root, which allows local users to write to arbitrary files via a crafted LIBMOUNT_MTAB environment variable that is used by mount's debugging feature.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
22 references
Date Public
2015-05-21 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T05:39:31.900Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "DSA-3268",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN",
"x_transferred"
],
"url": "http://www.debian.org/security/2015/dsa-3268"
},
{
"name": "USN-2617-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU",
"x_transferred"
],
"url": "http://www.ubuntu.com/usn/USN-2617-1"
},
{
"name": "FEDORA-2015-8771",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA",
"x_transferred"
],
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-June/159543.html"
},
{
"name": "FEDORA-2015-8782",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA",
"x_transferred"
],
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-June/160094.html"
},
{
"name": "FEDORA-2015-8751",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA",
"x_transferred"
],
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-June/159831.html"
},
{
"name": "1032386",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://www.securitytracker.com/id/1032386"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://gist.github.com/taviso/ecb70eb12d461dd85cba"
},
{
"name": "74765",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/74765"
},
{
"name": "FEDORA-2015-8773",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA",
"x_transferred"
],
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-June/159298.html"
},
{
"name": "openSUSE-SU-2015:1003",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-updates/2015-06/msg00007.html"
},
{
"name": "DSA-3266",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN",
"x_transferred"
],
"url": "http://www.debian.org/security/2015/dsa-3266"
},
{
"name": "GLSA-201603-04",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO",
"x_transferred"
],
"url": "https://security.gentoo.org/glsa/201603-04"
},
{
"name": "USN-2617-2",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU",
"x_transferred"
],
"url": "http://www.ubuntu.com/usn/USN-2617-2"
},
{
"name": "FEDORA-2015-8777",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA",
"x_transferred"
],
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-June/160106.html"
},
{
"name": "FEDORA-2015-8756",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA",
"x_transferred"
],
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-June/159683.html"
},
{
"name": "GLSA-201701-19",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO",
"x_transferred"
],
"url": "https://security.gentoo.org/glsa/201701-19"
},
{
"name": "[oss-security] 20150521 CVE-2015-3202 fuse privilege escalation",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2015/05/21/9"
},
{
"name": "openSUSE-SU-2015:0997",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-updates/2015-06/msg00005.html"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://packetstormsecurity.com/files/132021/Fuse-Local-Privilege-Escalation.html"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://twitter.com/taviso/status/601370527437967360"
},
{
"name": "37089",
"tags": [
"exploit",
"x_refsource_EXPLOIT-DB",
"x_transferred"
],
"url": "https://www.exploit-db.com/exploits/37089/"
},
{
"name": "USN-2617-3",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU",
"x_transferred"
],
"url": "http://www.ubuntu.com/usn/USN-2617-3"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2015-05-21T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "fusermount in FUSE before 2.9.3-15 does not properly clear the environment before invoking (1) mount or (2) umount as root, which allows local users to write to arbitrary files via a crafted LIBMOUNT_MTAB environment variable that is used by mount\u0027s debugging feature."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-06-30T16:57:01.000Z",
"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"shortName": "redhat"
},
"references": [
{
"name": "DSA-3268",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN"
],
"url": "http://www.debian.org/security/2015/dsa-3268"
},
{
"name": "USN-2617-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU"
],
"url": "http://www.ubuntu.com/usn/USN-2617-1"
},
{
"name": "FEDORA-2015-8771",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA"
],
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-June/159543.html"
},
{
"name": "FEDORA-2015-8782",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA"
],
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-June/160094.html"
},
{
"name": "FEDORA-2015-8751",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA"
],
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-June/159831.html"
},
{
"name": "1032386",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://www.securitytracker.com/id/1032386"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://gist.github.com/taviso/ecb70eb12d461dd85cba"
},
{
"name": "74765",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/74765"
},
{
"name": "FEDORA-2015-8773",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA"
],
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-June/159298.html"
},
{
"name": "openSUSE-SU-2015:1003",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://lists.opensuse.org/opensuse-updates/2015-06/msg00007.html"
},
{
"name": "DSA-3266",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN"
],
"url": "http://www.debian.org/security/2015/dsa-3266"
},
{
"name": "GLSA-201603-04",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO"
],
"url": "https://security.gentoo.org/glsa/201603-04"
},
{
"name": "USN-2617-2",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU"
],
"url": "http://www.ubuntu.com/usn/USN-2617-2"
},
{
"name": "FEDORA-2015-8777",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA"
],
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-June/160106.html"
},
{
"name": "FEDORA-2015-8756",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA"
],
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-June/159683.html"
},
{
"name": "GLSA-201701-19",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO"
],
"url": "https://security.gentoo.org/glsa/201701-19"
},
{
"name": "[oss-security] 20150521 CVE-2015-3202 fuse privilege escalation",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://www.openwall.com/lists/oss-security/2015/05/21/9"
},
{
"name": "openSUSE-SU-2015:0997",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://lists.opensuse.org/opensuse-updates/2015-06/msg00005.html"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://packetstormsecurity.com/files/132021/Fuse-Local-Privilege-Escalation.html"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://twitter.com/taviso/status/601370527437967360"
},
{
"name": "37089",
"tags": [
"exploit",
"x_refsource_EXPLOIT-DB"
],
"url": "https://www.exploit-db.com/exploits/37089/"
},
{
"name": "USN-2617-3",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU"
],
"url": "http://www.ubuntu.com/usn/USN-2617-3"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"assignerShortName": "redhat",
"cveId": "CVE-2015-3202",
"datePublished": "2015-07-02T21:16:00.000Z",
"dateReserved": "2015-04-10T00:00:00.000Z",
"dateUpdated": "2024-08-06T05:39:31.900Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}