oss-sec mailing list archives
[CVE-2018-10906] libfuse: restriction bypass of the "allow_other" option when SELinux is active
From: Nikolaus Rath <nikolaus () rath org>
Date: Tue, 24 Jul 2018 12:27:56 +0100
Hi, I've just released updated versions of libfuse 2.x and libfuse 3.x that fix CVE-2018-10906. Jann Horn discovered that it is possible to bypass fusermount's restrictions on the use of the "allow_other" mount option as follows if SELinux is active. fusermount is a (typically setuid) helper for mounting FUSE file systems. Best, -Nikolaus -- GPG Fingerprint: ED31 791B 2C5C 1613 AF38 8B8A D113 FCAC 3C4E 599F »Time flies like an arrow, fruit flies like a Banana.«
Current thread:
- [CVE-2018-10906] libfuse: restriction bypass of the "allow_other" option when SELinux is active Nikolaus Rath (Jul 24)