MidnightBSD

Advisories for fuse

CVE-2005-1858 LOW

FUSE 2.x before 2.3.0 does not properly clear previously used memory from unfilled pages when the filesystem returns a short byte count to a read request, which may allow local users to obtain sensitive information.

CVSS 2.0

Severity: LOW

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
fuse fuse 2.2.1
fuse fuse 2.3_rc1
fuse fuse 2.3_pre
fuse fuse 2.2
CVE-2010-0789 LOW

fusermount in FUSE before 2.7.5, and 2.8.x before 2.8.2, allows local users to unmount an arbitrary FUSE filesystem share via a symlink attack on a mountpoint.

CVSS 2.0

Severity: LOW

Problem Type: CWE-59,

Products Affected

Vendor Product Version
fuse fuse 2.2.1
fuse fuse 2.7.4
fuse fuse 2.6.5
fuse fuse 2.5.1
fuse fuse 2.6.0
fuse fuse 2.6.3
fuse fuse 2.2
fuse fuse 2.5.0
fuse fuse 2.0
fuse fuse 2.6.1
fuse fuse 2.7.0
fuse fuse 2.7.1
fuse fuse 2.4.0
fuse fuse 2.1
fuse fuse 2.7.2
fuse fuse 1.9
fuse fuse 2.3
fuse fuse 2.7.3
fuse fuse 2.5.2
fuse fuse 2.3.0
fuse fuse 2.4.2
fuse fuse 2.5.3
fuse fuse 2.4.1
CVE-2011-0541 LOW

fuse 2.8.5 and earlier does not properly handle when /etc/mtab cannot be updated, which allows local users to unmount arbitrary directories via a symlink attack.

CVSS 2.0

Severity: LOW

Problem Type: CWE-59,

Products Affected

Vendor Product Version
fuse fuse 2.2.1
fuse fuse 2.8.0
fuse fuse 2.7.4
fuse fuse 2.6.5
fuse fuse 2.5.1
fuse fuse 2.7.1
fuse fuse 2.4.0
fuse fuse 2.1
fuse fuse 2.7.2
fuse fuse 2.7.5
fuse fuse 2.3
fuse fuse 2.5.2
fuse fuse 2.8.3
fuse fuse 2.3.0
fuse fuse 2.5.3
fuse fuse 2.4.1
fuse fuse 2.8.4
fuse fuse 2.7.6
fuse fuse 2.8.1
fuse fuse *
fuse fuse 2.6.0
fuse fuse 2.6.3
fuse fuse 2.2
fuse fuse 2.5.0
fuse fuse 2.0
fuse fuse 2.6.1
fuse fuse 2.7.0
fuse fuse 2.8.2
fuse fuse 1.9
fuse fuse 2.7.3
fuse fuse 2.4.2
CVE-2011-0542 LOW

fusermount in fuse 2.8.5 and earlier does not perform a chdir to / before performing a mount or umount, which allows local users to unmount arbitrary directories via unspecified vectors.

CVSS 2.0

Severity: LOW

Problem Type: CWE-264,

Products Affected

Vendor Product Version
fuse fuse 2.2.1
fuse fuse 2.8.0
fuse fuse 2.7.4
fuse fuse 2.6.5
fuse fuse 2.5.1
fuse fuse 2.7.1
fuse fuse 2.4.0
fuse fuse 2.1
fuse fuse 2.7.2
fuse fuse 2.7.5
fuse fuse 2.3
fuse fuse 2.5.2
fuse fuse 2.8.3
fuse fuse 2.3.0
fuse fuse 2.5.3
fuse fuse 2.4.1
fuse fuse 2.8.4
fuse fuse 2.7.6
fuse fuse 2.8.1
fuse fuse *
fuse fuse 2.6.0
fuse fuse 2.6.3
fuse fuse 2.2
fuse fuse 2.5.0
fuse fuse 2.0
fuse fuse 2.6.1
fuse fuse 2.7.0
fuse fuse 2.8.2
fuse fuse 1.9
fuse fuse 2.7.3
fuse fuse 2.4.2
CVE-2011-0543 LOW

Certain legacy functionality in fusermount in fuse 2.8.5 and earlier, when util-linux does not support the --no-canonicalize option, allows local users to bypass intended access restrictions and unmount arbitrary directories via a symlink attack.

CVSS 2.0

Severity: LOW

Problem Type: CWE-264,

Products Affected

Vendor Product Version
fuse fuse 2.2.1
fuse fuse 2.8.0
fuse fuse 2.7.4
fuse fuse 2.6.5
fuse fuse 2.5.1
fuse fuse 2.7.1
fuse fuse 2.4.0
fuse fuse 2.1
fuse fuse 2.7.2
fuse fuse 2.7.5
fuse fuse 2.3
fuse fuse 2.5.2
fuse fuse 2.8.3
fuse fuse 2.3.0
fuse fuse 2.5.3
fuse fuse 2.4.1
fuse fuse 2.8.4
fuse fuse 2.7.6
fuse fuse 2.8.1
fuse fuse *
fuse fuse 2.6.0
fuse fuse 2.6.3
fuse fuse 2.2
fuse fuse 2.5.0
fuse fuse 2.0
fuse fuse 2.6.1
fuse fuse 2.7.0
fuse fuse 2.8.2
fuse fuse 1.9
fuse fuse 2.7.3
fuse fuse 2.4.2