CVE-2011-0543
Published: 10 February 2011
Certain legacy functionality in fusermount in fuse 2.8.5 and earlier, when util-linux does not support the --no-canonicalize option, allows local users to bypass intended access restrictions and unmount arbitrary directories via a symlink attack.
Priority
Status
Package | Release | Status |
---|---|---|
fuse Launchpad, Ubuntu, Debian |
dapper |
Ignored
(end of life)
|
hardy |
Released
(2.7.2-1ubuntu2.3)
|
|
karmic |
Released
(2.7.4-1.1ubuntu4.5)
|
|
lucid |
Released
(2.8.1-1.1ubuntu3.1)
|
|
maverick |
Released
(2.8.4-1ubuntu1.3)
|
|
upstream |
Needs triage
|
|
Patches: upstream: http://fuse.git.sourceforge.net/git/gitweb.cgi?p=fuse/fuse;a=commit;h=2fcbc2a5a94983813c533c015134c6974f8ee636 upstream: http://fuse.git.sourceforge.net/git/gitweb.cgi?p=fuse/fuse;a=commit;h=cbd3a2a84068aae6e3fe32939d88470d712dbf47 |