ID CVE-2018-10906
Summary In fuse before versions 2.9.8 and 3.x before 3.2.5, fusermount is vulnerable to a restriction bypass when SELinux is active. This allows non-root users to mount a FUSE file system with the 'allow_other' mount option regardless of whether 'user_allow_other' is set in the fuse configuration. An attacker may use this flaw to mount a FUSE file system, accessible by other users, and trick them into accessing files on that file system, possibly causing Denial of Service or other unspecified effects.
References
Vulnerable Configurations
  • Debian Linux 8.0 (Jessie)
    cpe:2.3:o:debian:debian_linux:8.0
  • Debian Linux 9.0
    cpe:2.3:o:debian:debian_linux:9.0
  • Fuse project Fuse 2.9.2
    cpe:2.3:a:fuse_project:fuse:2.9.2
  • RedHat Enterprise Linux Desktop 7.0
    cpe:2.3:o:redhat:enterprise_linux_desktop:7.0
  • RedHat Enterprise Linux Server 7.0
    cpe:2.3:o:redhat:enterprise_linux_server:7.0
  • RedHat Enterprise Linux Workstation 7.0
    cpe:2.3:o:redhat:enterprise_linux_workstation:7.0
CVSS
Base: 4.6
Impact:
Exploitability:
CWE CWE-284
CAPEC
  • Embedding Scripts within Scripts
    An attack of this type exploits a programs' vulnerabilities that are brought on by allowing remote hosts to execute scripts. The attacker leverages this capability to execute scripts to execute his/her own script by embedding it within other scripts that the target software is likely to execute. The attacker must have the ability to inject script into script that is likely to be executed. If this is done, then the attacker can potentially launch a variety of probes and attacks against the web server's local environment, in many cases the so-called DMZ, back end resources the web server can communicate with, and other hosts. With the proliferation of intermediaries, such as Web App Firewalls, network devices, and even printers having JVMs and Web servers, there are many locales where an attacker can inject malicious scripts. Since this attack pattern defines scripts within scripts, there are likely privileges to execute said attack on the host. Of course, these attacks are not solely limited to the server side, client side scripts like Ajax and client side JavaScript can contain malicious scripts as well. In general all that is required is for there to be sufficient privileges to execute a script, but not protected against writing.
  • Signature Spoofing by Key Theft
    An attacker obtains an authoritative or reputable signer's private signature key by theft and then uses this key to forge signatures from the original signer to mislead a victim into performing actions that benefit the attacker.
exploit-db via4
description fusermount - user_allow_other Restriction Bypass and SELinux Label Control. CVE-2018-10906. Dos exploit for Linux platform
file exploits/linux/dos/45106.c
id EDB-ID:45106
last seen 2018-07-30
modified 2018-07-30
platform linux
port
published 2018-07-30
reporter Exploit-DB
source https://www.exploit-db.com/download/45106/
title fusermount - user_allow_other Restriction Bypass and SELinux Label Control
type dos
nessus via4
  • NASL family Huawei Local Security Checks
    NASL id EULEROS_SA-2019-1003.NASL
    description According to the version of the fuse packages installed, the EulerOS installation on the remote host is affected by the following vulnerability : - fuse: bypass of the 'user_allow_other' restriction when SELinux is active (CVE-2018-10906) Note that Tenable Network Security has extracted the preceding description block directly from the EulerOS security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen 2019-02-21
    modified 2019-01-08
    plugin id 120991
    published 2019-01-08
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=120991
    title EulerOS 2.0 SP5 : fuse (EulerOS-SA-2019-1003)
  • NASL family Huawei Local Security Checks
    NASL id EULEROS_SA-2018-1387.NASL
    description According to the version of the fuse packages installed, the EulerOS installation on the remote host is affected by the following vulnerability : - fuse: bypass of the 'user_allow_other' restriction when SELinux is active (CVE-2018-10906) Note that Tenable Network Security has extracted the preceding description block directly from the EulerOS security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen 2019-02-21
    modified 2018-12-10
    plugin id 119515
    published 2018-12-10
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=119515
    title EulerOS 2.0 SP3 : fuse (EulerOS-SA-2018-1387)
  • NASL family SuSE Local Security Checks
    NASL id OPENSUSE-2018-1228.NASL
    description This update for fuse fixes the following issues : - CVE-2018-10906: fusermount was vulnerable to a restriction bypass when SELinux is active. This allowed non-root users to mount a FUSE file system with the 'allow_other' mount option regardless of whether 'user_allow_other' is set in the fuse configuration. An attacker may use this flaw to mount a FUSE file system, accessible by other users, and trick them into accessing files on that file system, possibly causing Denial of Service or other unspecified effects (bsc#1101797) This update was imported from the SUSE:SLE-15:Update update project.
    last seen 2019-02-21
    modified 2018-10-24
    plugin id 118343
    published 2018-10-24
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=118343
    title openSUSE Security Update : fuse (openSUSE-2018-1228)
  • NASL family PhotonOS Local Security Checks
    NASL id PHOTONOS_PHSA-2019-1_0-0204_FUSE.NASL
    description An update of the fuse package has been released.
    last seen 2019-02-08
    modified 2019-02-07
    plugin id 122022
    published 2019-02-07
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=122022
    title Photon OS 1.0: Fuse PHSA-2019-1.0-0204
  • NASL family SuSE Local Security Checks
    NASL id SUSE_SU-2018-3260-1.NASL
    description This update for fuse fixes the following issues : CVE-2018-10906: fusermount was vulnerable to a restriction bypass when SELinux is active. This allowed non-root users to mount a FUSE file system with the 'allow_other' mount option regardless of whether 'user_allow_other' is set in the fuse configuration. An attacker may use this flaw to mount a FUSE file system, accessible by other users, and trick them into accessing files on that file system, possibly causing Denial of Service or other unspecified effects (bsc#1101797) Note that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen 2019-02-21
    modified 2019-01-02
    plugin id 120136
    published 2019-01-02
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=120136
    title SUSE SLED15 / SLES15 Security Update : fuse (SUSE-SU-2018:3260-1)
  • NASL family Huawei Local Security Checks
    NASL id EULEROS_SA-2018-1409.NASL
    description According to the version of the fuse packages installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerability : - In fuse before versions 2.9.8 and 3.x before 3.2.5, fusermount is vulnerable to a restriction bypass when SELinux is active. This allows non-root users to mount a FUSE file system with the 'allow_other' mount option regardless of whether 'user_allow_other' is set in the fuse configuration. An attacker may use this flaw to mount a FUSE file system, accessible by other users, and trick them into accessing files on that file system, possibly causing Denial of Service or other unspecified effects.(CVE-2018-10906) Note that Tenable Network Security has extracted the preceding description block directly from the EulerOS security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen 2019-02-21
    modified 2018-12-28
    plugin id 119898
    published 2018-12-28
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=119898
    title EulerOS Virtualization 2.5.2 : fuse (EulerOS-SA-2018-1409)
  • NASL family Amazon Linux Local Security Checks
    NASL id AL2_ALAS-2018-1123.NASL
    description A vulnerability was discovered in fuse. When SELinux is active, fusermount is vulnerable to a restriction bypass. This allows non-root users to mount a FUSE file system with the 'allow_other' mount option regardless of whether 'user_allow_other' is set in the fuse configuration. An attacker may use this flaw to mount a FUSE file system, accessible by other users, and trick them into accessing files on that file system, possibly causing Denial of Service or other unspecified effects.(CVE-2018-10906)
    last seen 2019-02-21
    modified 2018-12-10
    plugin id 119506
    published 2018-12-10
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=119506
    title Amazon Linux 2 : fuse (ALAS-2018-1123)
  • NASL family Scientific Linux Local Security Checks
    NASL id SL_20181030_FUSE_ON_SL7_X.NASL
    description Security Fix(es) : - fuse: bypass of the 'user_allow_other' restriction when SELinux is active (CVE-2018-10906)
    last seen 2019-02-21
    modified 2018-12-27
    plugin id 119181
    published 2018-11-27
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=119181
    title Scientific Linux Security Update : fuse on SL7.x x86_64
  • NASL family SuSE Local Security Checks
    NASL id SUSE_SU-2019-13948-1.NASL
    description This update for fuse fixes the following issues : Security issue fixed : CVE-2018-10906: Fix a bypass of the user_allow_other restriction (bsc#1101797) Note that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen 2019-02-21
    modified 2019-02-11
    plugin id 122094
    published 2019-02-11
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=122094
    title SUSE SLES11 Security Update : fuse (SUSE-SU-2019:13948-1)
  • NASL family Debian Local Security Checks
    NASL id DEBIAN_DLA-1468.NASL
    description CVE-2018-10906 This is a fix for a restriction bypass of the 'allow_other' option when SELinux is active. For Debian 8 'Jessie', this problem has been fixed in version 2.9.3-15+deb8u3. We recommend that you upgrade your fuse packages. NOTE: Tenable Network Security has extracted the preceding description block directly from the DLA security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen 2019-02-21
    modified 2018-10-03
    plugin id 111765
    published 2018-08-16
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=111765
    title Debian DLA-1468-1 : fuse security update
  • NASL family SuSE Local Security Checks
    NASL id SUSE_SU-2018-3219-1.NASL
    description This update for fuse fixes the following security issue : CVE-2018-10906: fusermount was vulnerable to a restriction bypass when SELinux is active. This allowed non-root users to mount a FUSE file system with the 'allow_other' mount option regardless of whether 'user_allow_other' is set in the fuse configuration. An attacker may use this flaw to mount a FUSE file system, accessible by other users, and trick them into accessing files on that file system, possibly causing Denial of Service or other unspecified effects (bsc#1101797) Note that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen 2019-02-21
    modified 2018-12-01
    plugin id 118222
    published 2018-10-19
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=118222
    title SUSE SLED12 / SLES12 Security Update : fuse (SUSE-SU-2018:3219-1)
  • NASL family Debian Local Security Checks
    NASL id DEBIAN_DSA-4257.NASL
    description Jann Horn discovered that FUSE, a Filesystem in USErspace, allows the bypass of the 'user_allow_other' restriction when SELinux is active (including in permissive mode). A local user can take advantage of this flaw in the fusermount utility to bypass the system configuration and mount a FUSE filesystem with the 'allow_other' mount option.
    last seen 2019-02-21
    modified 2018-11-13
    plugin id 111395
    published 2018-07-30
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=111395
    title Debian DSA-4257-1 : fuse - security update
  • NASL family Huawei Local Security Checks
    NASL id EULEROS_SA-2019-1048.NASL
    description According to the version of the fuse packages installed, the EulerOS installation on the remote host is affected by the following vulnerability : - fuse: bypass of the 'user_allow_other' restriction when SELinux is active (CVE-2018-10906) Note that Tenable Network Security has extracted the preceding description block directly from the EulerOS security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen 2019-02-23
    modified 2019-02-22
    plugin id 122375
    published 2019-02-22
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=122375
    title EulerOS 2.0 SP2 : fuse (EulerOS-SA-2019-1048)
  • NASL family Red Hat Local Security Checks
    NASL id REDHAT-RHSA-2018-3324.NASL
    description An update for fuse is now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. The fuse packages contain the File System in Userspace (FUSE) tools to mount a FUSE file system. With FUSE, it is possible to implement a fully functional file system in a user-space program. Security Fix(es) : * fuse: bypass of the 'user_allow_other' restriction when SELinux is active (CVE-2018-10906) For more details about the security issue(s), including the impact, a CVSS score, and other related information, refer to the CVE page(s) listed in the References section. Additional Changes : For detailed information on changes in this release, see the Red Hat Enterprise Linux 7.6 Release Notes linked from the References section.
    last seen 2019-02-21
    modified 2018-11-10
    plugin id 118540
    published 2018-10-31
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=118540
    title RHEL 7 : fuse (RHSA-2018:3324)
  • NASL family SuSE Local Security Checks
    NASL id OPENSUSE-2018-1225.NASL
    description This update for fuse fixes the following security issue : - CVE-2018-10906: fusermount was vulnerable to a restriction bypass when SELinux is active. This allowed non-root users to mount a FUSE file system with the 'allow_other' mount option regardless of whether 'user_allow_other' is set in the fuse configuration. An attacker may use this flaw to mount a FUSE file system, accessible by other users, and trick them into accessing files on that file system, possibly causing Denial of Service or other unspecified effects (bsc#1101797) This update was imported from the SUSE:SLE-12:Update update project.
    last seen 2019-02-21
    modified 2018-10-24
    plugin id 118340
    published 2018-10-24
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=118340
    title openSUSE Security Update : fuse (openSUSE-2018-1225)
  • NASL family CentOS Local Security Checks
    NASL id CENTOS_RHSA-2018-3324.NASL
    description An update for fuse is now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. The fuse packages contain the File System in Userspace (FUSE) tools to mount a FUSE file system. With FUSE, it is possible to implement a fully functional file system in a user-space program. Security Fix(es) : * fuse: bypass of the 'user_allow_other' restriction when SELinux is active (CVE-2018-10906) For more details about the security issue(s), including the impact, a CVSS score, and other related information, refer to the CVE page(s) listed in the References section. Additional Changes : For detailed information on changes in this release, see the Red Hat Enterprise Linux 7.6 Release Notes linked from the References section.
    last seen 2019-02-21
    modified 2018-11-16
    plugin id 119003
    published 2018-11-16
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=119003
    title CentOS 7 : fuse (CESA-2018:3324)
packetstorm via4
data source https://packetstormsecurity.com/files/download/148749/GS20180730174043.txt
id PACKETSTORM:148749
last seen 2018-07-31
published 2018-07-30
reporter Jann Horn
source https://packetstormsecurity.com/files/148749/fusermount-Restriction-Bypass.html
title fusermount Restriction Bypass
redhat via4
advisories
bugzilla
id 1602996
title restriction when SELinux is active
oval
AND
  • OR
    • comment Red Hat Enterprise Linux 7 Client is installed
      oval oval:com.redhat.rhba:tst:20150364001
    • comment Red Hat Enterprise Linux 7 Server is installed
      oval oval:com.redhat.rhba:tst:20150364002
    • comment Red Hat Enterprise Linux 7 Workstation is installed
      oval oval:com.redhat.rhba:tst:20150364003
    • comment Red Hat Enterprise Linux 7 ComputeNode is installed
      oval oval:com.redhat.rhba:tst:20150364004
  • OR
    • AND
      • comment fuse is earlier than 0:2.9.2-11.el7
        oval oval:com.redhat.rhsa:tst:20183324005
      • comment fuse is signed with Red Hat redhatrelease2 key
        oval oval:com.redhat.rhsa:tst:20111083006
    • AND
      • comment fuse-devel is earlier than 0:2.9.2-11.el7
        oval oval:com.redhat.rhsa:tst:20183324009
      • comment fuse-devel is signed with Red Hat redhatrelease2 key
        oval oval:com.redhat.rhsa:tst:20111083008
    • AND
      • comment fuse-libs is earlier than 0:2.9.2-11.el7
        oval oval:com.redhat.rhsa:tst:20183324007
      • comment fuse-libs is signed with Red Hat redhatrelease2 key
        oval oval:com.redhat.rhsa:tst:20111083010
rhsa
id RHSA-2018:3324
released 2018-10-30
severity Moderate
title RHSA-2018:3324: fuse security update (Moderate)
rpms
  • fuse-0:2.9.2-11.el7
  • fuse-devel-0:2.9.2-11.el7
  • fuse-libs-0:2.9.2-11.el7
refmap via4
confirm https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-10906
debian DSA-4257
exploit-db 45106
fedora
  • FEDORA-2019-31722b8f33
  • FEDORA-2019-dd00364b71
  • FEDORA-2019-fd54b80806
mlist [debian-lts-announce] 20180815 [SECURITY] [DLA 1468-1] fuse security update
Last major update 24-07-2018 - 16:29
Published 24-07-2018 - 16:29
Last modified 05-04-2019 - 01:29
Back to Top