Date: Tue, 8 Feb 2011 14:09:18 -0500 (EST) From: Josh Bressers <bressers@...hat.com> To: oss-security@...ts.openwall.com Cc: coley <coley@...re.org> Subject: Re: CVE request: fuse Sorry for the dealy, some other things popped up :( I'm going to assign 3 IDs. These look like they maybe could be combined, but I'd rather not try to just to have a big split later on when we find out various versions are affected in different ways. > > http://fuse.git.sourceforge.net/git/gitweb.cgi?p=fuse/fuse;a=commit;h=bf5ffb5fd8558bd799791834def431c0cee5a11f > > Fuse tries to mount a directory without resolving symlinks, and then > tries to update mtab. If it couldn't update mtab, it would unmount the > directory while resolving symlinks this time, resulting in a different > directory being unmounted. Use CVE-2011-0541 > > http://fuse.git.sourceforge.net/git/gitweb.cgi?p=fuse/fuse;a=commit;h=1e7607ff89c65b005f69e27aeb1649d624099873 > > This prevents local users from changing the location of the current > directory from under fuse using a timing attack. Use CVE-2011-0542 > > http://fuse.git.sourceforge.net/git/gitweb.cgi?p=fuse/fuse;a=commit;h=cbd3a2a84068aae6e3fe32939d88470d712dbf47 > > Fuse uses the --no-canonicalize mount option to prevent a symlink attack > on the mount point written to mtab. For backwards compatibility reasons, > it would fallback to using mount in an insecure way. This fallback could > get triggered by a user when an entry already existed in mtab. > Use CVE-2011-0543 Thanks. -- JB
Powered by blists - more mailing lists
Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.
Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.