Fuse
by Fuse
CVEs (9)
| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2010-3879 | 0.04 | — | 0.10 | Jan 22, 2011 | FUSE, possibly 2.8.5 and earlier, allows local users to create mtab entries with arbitrary pathnames, and consequently unmount any filesystem, via a symlink attack on the parent directory of the mountpoint of a FUSE filesystem, a different vulnerability than CVE-2010-0789. | |||
| CVE-2015-3202 | 0.03 | — | 0.01 | Jul 2, 2015 | fusermount in FUSE before 2.9.3-15 does not properly clear the environment before invoking (1) mount or (2) umount as root, which allows local users to write to arbitrary files via a crafted LIBMOUNT_MTAB environment variable that is used by mount's debugging feature. | |||
| CVE-2005-1858 | 0.03 | — | 0.01 | Jun 3, 2005 | FUSE 2.x before 2.3.0 does not properly clear previously used memory from unfilled pages when the filesystem returns a short byte count to a read request, which may allow local users to obtain sensitive information. | |||
| CVE-2011-0543 | 0.00 | — | 0.00 | Sep 2, 2011 | Certain legacy functionality in fusermount in fuse 2.8.5 and earlier, when util-linux does not support the --no-canonicalize option, allows local users to bypass intended access restrictions and unmount arbitrary directories via a symlink attack. | |||
| CVE-2011-0542 | 0.00 | — | 0.00 | Sep 2, 2011 | fusermount in fuse 2.8.5 and earlier does not perform a chdir to / before performing a mount or umount, which allows local users to unmount arbitrary directories via unspecified vectors. | |||
| CVE-2011-0541 | 0.00 | — | 0.00 | Sep 2, 2011 | fuse 2.8.5 and earlier does not properly handle when /etc/mtab cannot be updated, which allows local users to unmount arbitrary directories via a symlink attack. | |||
| CVE-2010-0789 | 0.00 | — | 0.00 | Mar 2, 2010 | fusermount in FUSE before 2.7.5, and 2.8.x before 2.8.2, allows local users to unmount an arbitrary FUSE filesystem share via a symlink attack on a mountpoint. | |||
| CVE-2006-0751 | 0.00 | — | 0.02 | Feb 18, 2006 | Multiple unspecified vulnerabilities in the (1) Filesystem in USErspace (FUSE) client and (2) NOOFS daemon in in Network Object Oriented File System (NOOFS) before 0.9.0 have unspecified impact and attack vectors. | |||
| CVE-2005-3531 | 0.00 | — | 0.00 | Nov 23, 2005 | fusermount in FUSE before 2.4.1, if installed setuid root, allows local users to corrupt /etc/mtab and possibly modify mount options by performing a mount over a directory whose name contains certain special characters. |
- CVE-2010-3879Jan 22, 2011risk 0.04cvss —epss 0.10
FUSE, possibly 2.8.5 and earlier, allows local users to create mtab entries with arbitrary pathnames, and consequently unmount any filesystem, via a symlink attack on the parent directory of the mountpoint of a FUSE filesystem, a different vulnerability than CVE-2010-0789.
- CVE-2015-3202Jul 2, 2015risk 0.03cvss —epss 0.01
fusermount in FUSE before 2.9.3-15 does not properly clear the environment before invoking (1) mount or (2) umount as root, which allows local users to write to arbitrary files via a crafted LIBMOUNT_MTAB environment variable that is used by mount's debugging feature.
- CVE-2005-1858Jun 3, 2005risk 0.03cvss —epss 0.01
FUSE 2.x before 2.3.0 does not properly clear previously used memory from unfilled pages when the filesystem returns a short byte count to a read request, which may allow local users to obtain sensitive information.
- CVE-2011-0543Sep 2, 2011risk 0.00cvss —epss 0.00
Certain legacy functionality in fusermount in fuse 2.8.5 and earlier, when util-linux does not support the --no-canonicalize option, allows local users to bypass intended access restrictions and unmount arbitrary directories via a symlink attack.
- CVE-2011-0542Sep 2, 2011risk 0.00cvss —epss 0.00
fusermount in fuse 2.8.5 and earlier does not perform a chdir to / before performing a mount or umount, which allows local users to unmount arbitrary directories via unspecified vectors.
- CVE-2011-0541Sep 2, 2011risk 0.00cvss —epss 0.00
fuse 2.8.5 and earlier does not properly handle when /etc/mtab cannot be updated, which allows local users to unmount arbitrary directories via a symlink attack.
- CVE-2010-0789Mar 2, 2010risk 0.00cvss —epss 0.00
fusermount in FUSE before 2.7.5, and 2.8.x before 2.8.2, allows local users to unmount an arbitrary FUSE filesystem share via a symlink attack on a mountpoint.
- CVE-2006-0751Feb 18, 2006risk 0.00cvss —epss 0.02
Multiple unspecified vulnerabilities in the (1) Filesystem in USErspace (FUSE) client and (2) NOOFS daemon in in Network Object Oriented File System (NOOFS) before 0.9.0 have unspecified impact and attack vectors.
- CVE-2005-3531Nov 23, 2005risk 0.00cvss —epss 0.00
fusermount in FUSE before 2.4.1, if installed setuid root, allows local users to corrupt /etc/mtab and possibly modify mount options by performing a mount over a directory whose name contains certain special characters.