FUSE 2.x before 2.3.0 does not properly clear previously used memory from unfilled pages when the filesystem returns a short byte count to a read request, which may allow local users to obtain sensitive information.
CVSS 2.0
Severity: LOW
Problem Type: NVD-CWE-Other,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| fuse | fuse | 2.2.1 |
| fuse | fuse | 2.3_rc1 |
| fuse | fuse | 2.3_pre |
| fuse | fuse | 2.2 |
fusermount in FUSE before 2.7.5, and 2.8.x before 2.8.2, allows local users to unmount an arbitrary FUSE filesystem share via a symlink attack on a mountpoint.
CVSS 2.0
Severity: LOW
Problem Type: CWE-59,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| fuse | fuse | 2.2.1 |
| fuse | fuse | 2.7.4 |
| fuse | fuse | 2.6.5 |
| fuse | fuse | 2.5.1 |
| fuse | fuse | 2.6.0 |
| fuse | fuse | 2.6.3 |
| fuse | fuse | 2.2 |
| fuse | fuse | 2.5.0 |
| fuse | fuse | 2.0 |
| fuse | fuse | 2.6.1 |
| fuse | fuse | 2.7.0 |
| fuse | fuse | 2.7.1 |
| fuse | fuse | 2.4.0 |
| fuse | fuse | 2.1 |
| fuse | fuse | 2.7.2 |
| fuse | fuse | 1.9 |
| fuse | fuse | 2.3 |
| fuse | fuse | 2.7.3 |
| fuse | fuse | 2.5.2 |
| fuse | fuse | 2.3.0 |
| fuse | fuse | 2.4.2 |
| fuse | fuse | 2.5.3 |
| fuse | fuse | 2.4.1 |
fuse 2.8.5 and earlier does not properly handle when /etc/mtab cannot be updated, which allows local users to unmount arbitrary directories via a symlink attack.
CVSS 2.0
Severity: LOW
Problem Type: CWE-59,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| fuse | fuse | 2.2.1 |
| fuse | fuse | 2.8.0 |
| fuse | fuse | 2.7.4 |
| fuse | fuse | 2.6.5 |
| fuse | fuse | 2.5.1 |
| fuse | fuse | 2.7.1 |
| fuse | fuse | 2.4.0 |
| fuse | fuse | 2.1 |
| fuse | fuse | 2.7.2 |
| fuse | fuse | 2.7.5 |
| fuse | fuse | 2.3 |
| fuse | fuse | 2.5.2 |
| fuse | fuse | 2.8.3 |
| fuse | fuse | 2.3.0 |
| fuse | fuse | 2.5.3 |
| fuse | fuse | 2.4.1 |
| fuse | fuse | 2.8.4 |
| fuse | fuse | 2.7.6 |
| fuse | fuse | 2.8.1 |
| fuse | fuse | * |
| fuse | fuse | 2.6.0 |
| fuse | fuse | 2.6.3 |
| fuse | fuse | 2.2 |
| fuse | fuse | 2.5.0 |
| fuse | fuse | 2.0 |
| fuse | fuse | 2.6.1 |
| fuse | fuse | 2.7.0 |
| fuse | fuse | 2.8.2 |
| fuse | fuse | 1.9 |
| fuse | fuse | 2.7.3 |
| fuse | fuse | 2.4.2 |
fusermount in fuse 2.8.5 and earlier does not perform a chdir to / before performing a mount or umount, which allows local users to unmount arbitrary directories via unspecified vectors.
CVSS 2.0
Severity: LOW
Problem Type: CWE-264,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| fuse | fuse | 2.2.1 |
| fuse | fuse | 2.8.0 |
| fuse | fuse | 2.7.4 |
| fuse | fuse | 2.6.5 |
| fuse | fuse | 2.5.1 |
| fuse | fuse | 2.7.1 |
| fuse | fuse | 2.4.0 |
| fuse | fuse | 2.1 |
| fuse | fuse | 2.7.2 |
| fuse | fuse | 2.7.5 |
| fuse | fuse | 2.3 |
| fuse | fuse | 2.5.2 |
| fuse | fuse | 2.8.3 |
| fuse | fuse | 2.3.0 |
| fuse | fuse | 2.5.3 |
| fuse | fuse | 2.4.1 |
| fuse | fuse | 2.8.4 |
| fuse | fuse | 2.7.6 |
| fuse | fuse | 2.8.1 |
| fuse | fuse | * |
| fuse | fuse | 2.6.0 |
| fuse | fuse | 2.6.3 |
| fuse | fuse | 2.2 |
| fuse | fuse | 2.5.0 |
| fuse | fuse | 2.0 |
| fuse | fuse | 2.6.1 |
| fuse | fuse | 2.7.0 |
| fuse | fuse | 2.8.2 |
| fuse | fuse | 1.9 |
| fuse | fuse | 2.7.3 |
| fuse | fuse | 2.4.2 |
Certain legacy functionality in fusermount in fuse 2.8.5 and earlier, when util-linux does not support the --no-canonicalize option, allows local users to bypass intended access restrictions and unmount arbitrary directories via a symlink attack.
CVSS 2.0
Severity: LOW
Problem Type: CWE-264,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| fuse | fuse | 2.2.1 |
| fuse | fuse | 2.8.0 |
| fuse | fuse | 2.7.4 |
| fuse | fuse | 2.6.5 |
| fuse | fuse | 2.5.1 |
| fuse | fuse | 2.7.1 |
| fuse | fuse | 2.4.0 |
| fuse | fuse | 2.1 |
| fuse | fuse | 2.7.2 |
| fuse | fuse | 2.7.5 |
| fuse | fuse | 2.3 |
| fuse | fuse | 2.5.2 |
| fuse | fuse | 2.8.3 |
| fuse | fuse | 2.3.0 |
| fuse | fuse | 2.5.3 |
| fuse | fuse | 2.4.1 |
| fuse | fuse | 2.8.4 |
| fuse | fuse | 2.7.6 |
| fuse | fuse | 2.8.1 |
| fuse | fuse | * |
| fuse | fuse | 2.6.0 |
| fuse | fuse | 2.6.3 |
| fuse | fuse | 2.2 |
| fuse | fuse | 2.5.0 |
| fuse | fuse | 2.0 |
| fuse | fuse | 2.6.1 |
| fuse | fuse | 2.7.0 |
| fuse | fuse | 2.8.2 |
| fuse | fuse | 1.9 |
| fuse | fuse | 2.7.3 |
| fuse | fuse | 2.4.2 |