CVE-2010-0789 — Link Following in Fuse

CWE-59 — Link Following10 documents8 sources

Severity

3.3LOWNVD

EPSS

0.1%

top 80.66%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Redhat Fuse Fuse

Timeline

PublishedMar 2

Latest updateMay 2

Description

fusermount in FUSE before 2.7.5, and 2.8.x before 2.8.2, allows local users to unmount an arbitrary FUSE filesystem share via a symlink attack on a mountpoint.

CVSS vector

AV:L/AC:M/C:N/I:P/A:PExploitability: 3.4 | Impact: 4.9

Affected Packages2 packages

▶Debianredhat/fuse< 2.8.1-1.2+2

▶NVDfuse/fuse23 versions+22

Patches

Patch: sourceforge.net ↗Patch: www.debian.org ↗Patch: www.securityfocus.com ↗

🔴Vulnerability Details

GHSA

GHSA-fgrw-x4f3-89h8: fusermount in FUSE before 2↗2022-05-02

▶

CVEList

CVE-2010-0789: fusermount in FUSE before 2↗2010-03-02

▶

OSV

CVE-2010-0789: fusermount in FUSE before 2↗2010-03-02

▶

📋Vendor Advisories

Red Hat

fuse: unprivileged user can unmount arbitrary locations via symlink attack↗2010-11-02

▶

Ubuntu

FUSE vulnerability↗2010-01-28

▶

Red Hat

fuse: Race condition by umount (fusermount) operations↗2010-01-26

▶

Debian

CVE-2010-0789: fuse - fusermount in FUSE before 2.7.5, and 2.8.x before 2.8.2, allows local users to u...↗2010

▶

💬Community

Bugzilla

CVE-2012-0789 php: strtotime timezone memory leak↗2012-01-21

▶

Bugzilla

CVE-2010-0789 fuse: Race condition by umount (fusermount) operations↗2010-03-26

▶