VYPR

Fuse

by Fuse

CVEs (9)

  • CVE-2010-3879Jan 22, 2011
    risk 0.04cvss epss 0.10

    FUSE, possibly 2.8.5 and earlier, allows local users to create mtab entries with arbitrary pathnames, and consequently unmount any filesystem, via a symlink attack on the parent directory of the mountpoint of a FUSE filesystem, a different vulnerability than CVE-2010-0789.

  • CVE-2015-3202Jul 2, 2015
    risk 0.03cvss epss 0.01

    fusermount in FUSE before 2.9.3-15 does not properly clear the environment before invoking (1) mount or (2) umount as root, which allows local users to write to arbitrary files via a crafted LIBMOUNT_MTAB environment variable that is used by mount's debugging feature.

  • CVE-2005-1858Jun 3, 2005
    risk 0.03cvss epss 0.01

    FUSE 2.x before 2.3.0 does not properly clear previously used memory from unfilled pages when the filesystem returns a short byte count to a read request, which may allow local users to obtain sensitive information.

  • CVE-2011-0543Sep 2, 2011
    risk 0.00cvss epss 0.00

    Certain legacy functionality in fusermount in fuse 2.8.5 and earlier, when util-linux does not support the --no-canonicalize option, allows local users to bypass intended access restrictions and unmount arbitrary directories via a symlink attack.

  • CVE-2011-0542Sep 2, 2011
    risk 0.00cvss epss 0.00

    fusermount in fuse 2.8.5 and earlier does not perform a chdir to / before performing a mount or umount, which allows local users to unmount arbitrary directories via unspecified vectors.

  • CVE-2011-0541Sep 2, 2011
    risk 0.00cvss epss 0.00

    fuse 2.8.5 and earlier does not properly handle when /etc/mtab cannot be updated, which allows local users to unmount arbitrary directories via a symlink attack.

  • CVE-2010-0789Mar 2, 2010
    risk 0.00cvss epss 0.00

    fusermount in FUSE before 2.7.5, and 2.8.x before 2.8.2, allows local users to unmount an arbitrary FUSE filesystem share via a symlink attack on a mountpoint.

  • CVE-2006-0751Feb 18, 2006
    risk 0.00cvss epss 0.02

    Multiple unspecified vulnerabilities in the (1) Filesystem in USErspace (FUSE) client and (2) NOOFS daemon in in Network Object Oriented File System (NOOFS) before 0.9.0 have unspecified impact and attack vectors.

  • CVE-2005-3531Nov 23, 2005
    risk 0.00cvss epss 0.00

    fusermount in FUSE before 2.4.1, if installed setuid root, allows local users to corrupt /etc/mtab and possibly modify mount options by performing a mount over a directory whose name contains certain special characters.