aru Posted November 24, 2005 Report Share Posted November 24, 2005 Mandriva Advisories MDKSA-2005:216 : fuse Updated fuse packages fix vulnerability November 24th, 2005 Thomas Beige found that fusermount failed to securely handle special characters specified in mount points, which could allow a local attacker to corrupt the contents of /etc/mtab by mounting over a maliciously-named directory using fusermount.This could potentially allow the attacker to set unauthorized mount options. This is only possible when fusermount is installed setuid root, which is the case in Mandriva Linux. The updated packages have been patched to address these problems. The released versions of Mandriva GNU/Linux affected are: 2006.0Full information about this advisory, including the updated packages, is available at: wwwnew.mandriva.com/security/advisories?name=MDKSA-2005:216 Other references: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-3531 Posted automatically by aru (mdksec2mub v: mdksec2mub,v 0.15 2005/11/24 16:53:12 aru Exp aru $) Link to comment Share on other sites More sharing options...
Recommended Posts