Search for packages
| purl | pkg:deb/debian/fuse@2.5.3-4.4 |
| Next non-vulnerable version | 2.9.9-1+deb10u1 |
| Latest non-vulnerable version | 2.9.9-1+deb10u1 |
| Risk | 9.6 |
| Vulnerability | Summary | Fixed by |
|---|---|---|
|
VCID-4cge-7g28-k7a6
Aliases: CVE-2010-0789 |
fusermount in FUSE before 2.7.5, and 2.8.x before 2.8.2, allows local users to unmount an arbitrary FUSE filesystem share via a symlink attack on a mountpoint. |
Affected by 7 other vulnerabilities. |
|
VCID-4nq4-5byf-fba3
Aliases: CVE-2011-0541 |
fuse 2.8.5 and earlier does not properly handle when /etc/mtab cannot be updated, which allows local users to unmount arbitrary directories via a symlink attack. |
Affected by 3 other vulnerabilities. |
|
VCID-6b2e-ewue-fqap
Aliases: CVE-2018-10906 |
In fuse before versions 2.9.8 and 3.x before 3.2.5, fusermount is vulnerable to a restriction bypass when SELinux is active. This allows non-root users to mount a FUSE file system with the 'allow_other' mount option regardless of whether 'user_allow_other' is set in the fuse configuration. An attacker may use this flaw to mount a FUSE file system, accessible by other users, and trick them into accessing files on that file system, possibly causing Denial of Service or other unspecified effects. |
Affected by 1 other vulnerability. Affected by 0 other vulnerabilities. |
|
VCID-a95r-bxba-eubj
Aliases: CVE-2011-0543 |
Certain legacy functionality in fusermount in fuse 2.8.5 and earlier, when util-linux does not support the --no-canonicalize option, allows local users to bypass intended access restrictions and unmount arbitrary directories via a symlink attack. |
Affected by 3 other vulnerabilities. |
|
VCID-az2k-jzw4-fuc7
Aliases: CVE-2016-1233 |
An unspecified udev rule in the Debian fuse package in jessie before 2.9.3-15+deb8u2, in stretch before 2.9.5-1, and in sid before 2.9.5-1 sets world-writable permissions for the /dev/cuse character device, which allows local users to gain privileges via a character device in /dev, related to an ioctl. |
Affected by 3 other vulnerabilities. Affected by 1 other vulnerability. |
|
VCID-jv12-nxw2-9ya6
Aliases: CVE-2011-0542 |
fusermount in fuse 2.8.5 and earlier does not perform a chdir to / before performing a mount or umount, which allows local users to unmount arbitrary directories via unspecified vectors. |
Affected by 3 other vulnerabilities. |
|
VCID-ute9-2hqz-rfb2
Aliases: CVE-2015-3202 |
fusermount in FUSE before 2.9.3-15 does not properly clear the environment before invoking (1) mount or (2) umount as root, which allows local users to write to arbitrary files via a crafted LIBMOUNT_MTAB environment variable that is used by mount's debugging feature. |
Affected by 3 other vulnerabilities. Affected by 3 other vulnerabilities. Affected by 1 other vulnerability. |
|
VCID-wyxr-d8np-kqcm
Aliases: CVE-2010-3879 |
FUSE, possibly 2.8.5 and earlier, allows local users to create mtab entries with arbitrary pathnames, and consequently unmount any filesystem, via a symlink attack on the parent directory of the mountpoint of a FUSE filesystem, a different vulnerability than CVE-2010-0789. |
Affected by 3 other vulnerabilities. |
| Vulnerability | Summary | Aliases |
|---|---|---|
| VCID-cmds-kzhu-c7e4 | FUSE 2.x before 2.3.0 does not properly clear previously used memory from unfilled pages when the filesystem returns a short byte count to a read request, which may allow local users to obtain sensitive information. |
CVE-2005-1858
|
| VCID-mq1j-8ctw-kue6 | fusermount in FUSE before 2.4.1, if installed setuid root, allows local users to corrupt /etc/mtab and possibly modify mount options by performing a mount over a directory whose name contains certain special characters. |
CVE-2005-3531
|