Jump to content

Advisories (MDKSA-2005:216 ): fuse


aru
 Share

Recommended Posts

Mandriva Advisories MDKSA-2005:216 : fuse

 

Updated fuse packages fix vulnerability

November 24th, 2005

 

Thomas Beige found that fusermount failed to securely handle special characters specified in mount points, which could allow a local attacker to corrupt the contents of /etc/mtab by mounting over a maliciously-named directory using fusermount.This could potentially allow the attacker to set unauthorized mount options. This is only possible when fusermount is installed setuid root, which is the case in Mandriva Linux. The updated packages have been patched to address these problems.

 

 

The released versions of Mandriva GNU/Linux affected are:

  • 2006.0

Full information about this advisory, including the updated packages, is available at:

wwwnew.mandriva.com/security/advisories?name=MDKSA-2005:216

 

Other references:

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-3531

 

Posted automatically by aru (mdksec2mub v: mdksec2mub,v 0.15 2005/11/24 16:53:12 aru Exp aru $)

Link to comment
Share on other sites

 Share

×
×
  • Create New...