oss-sec mailing list archives

Previous By Date Next
Previous By Thread Next

Re: CVE request: fuse

From: Josh Bressers <bressers () redhat com>
Date: Fri, 5 Nov 2010 15:41:11 -0400 (EDT)
Please use CVE-2010-3879

Thanks.

-- 
    JB


----- "Marc Deslauriers" <marc.deslauriers () canonical com> wrote:


Hello,

There is an issue with FUSE that lets unprivileged users unmount
arbitrary locations via a symlink attack. This is a different issue
than
CVE-2009-3297 and CVE-2010-0789.

Ref.:

http://seclists.org/fulldisclosure/2010/Nov/15
http://www.halfdog.net/Security/FuseTimerace/

Thanks,

Marc.


-- 
Marc Deslauriers
Ubuntu Security Engineer     | http://www.ubuntu.com/
Canonical Ltd.               | http://www.canonical.com/
Previous By Date Next
Previous By Thread Next

Current thread: