Date: Tue, 8 Feb 2011 14:09:18 -0500 (EST) From: Josh Bressers <bressers@...hat.com> To: oss-security@...ts.openwall.com Cc: coley <coley@...re.org> Subject: Re: CVE request: fuse Sorry for the dealy, some other things popped up :( I'm going to assign 3 IDs. These look like they maybe could be combined, but I'd rather not try to just to have a big split later on when we find out various versions are affected in different ways. > > http://fuse.git.sourceforge.net/git/gitweb.cgi?p=fuse/fuse;a=commit;h=bf5ffb5fd8558bd799791834def431c0cee5a11f > > Fuse tries to mount a directory without resolving symlinks, and then > tries to update mtab. If it couldn't update mtab, it would unmount the > directory while resolving symlinks this time, resulting in a different > directory being unmounted. Use CVE-2011-0541 > > http://fuse.git.sourceforge.net/git/gitweb.cgi?p=fuse/fuse;a=commit;h=1e7607ff89c65b005f69e27aeb1649d624099873 > > This prevents local users from changing the location of the current > directory from under fuse using a timing attack. Use CVE-2011-0542 > > http://fuse.git.sourceforge.net/git/gitweb.cgi?p=fuse/fuse;a=commit;h=cbd3a2a84068aae6e3fe32939d88470d712dbf47 > > Fuse uses the --no-canonicalize mount option to prevent a symlink attack > on the mount point written to mtab. For backwards compatibility reasons, > it would fallback to using mount in an insecure way. This fallback could > get triggered by a user when an entry already existed in mtab. > Use CVE-2011-0543 Thanks. -- JB
Powered by blists - more mailing lists
Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.
Powered by Openwall GNU/*/Linux - Powered by OpenVZ