oss-sec mailing list archives
Re: CVE request: fuse
From: Josh Bressers <bressers () redhat com>
Date: Thu, 3 Feb 2011 11:17:12 -0500 (EST)
----- Original Message -----
A few more fixes have made their way to FUSE to prevent TOCTTOU symlink attacks. An unprivileged user was able to unmount arbitrary mounts: http://fuse.git.sourceforge.net/git/gitweb.cgi?p=fuse/fuse;a=commit;h=bf5ffb5fd8558bd799791834def431c0cee5a11f http://fuse.git.sourceforge.net/git/gitweb.cgi?p=fuse/fuse;a=commit;h=1e7607ff89c65b005f69e27aeb1649d624099873 http://fuse.git.sourceforge.net/git/gitweb.cgi?p=fuse/fuse;a=commit;h=cbd3a2a84068aae6e3fe32939d88470d712dbf47 Could we please get one or more CVE numbers for them?
I don't understand what these flaws are just by reading the commit
messages. Can you explain them?
Thanks.
--
JB
Current thread:
- CVE request: fuse Marc Deslauriers (Feb 01)
- Re: CVE request: fuse Josh Bressers (Feb 03)
- Re: CVE request: fuse Marc Deslauriers (Feb 03)
- Re: CVE request: fuse Josh Bressers (Feb 08)
- Re: CVE request: fuse Marc Deslauriers (Feb 03)
- Re: CVE request: fuse Josh Bressers (Feb 03)