fkie_nvd - fkie_cve-2011-0541

fkie_cve-2011-0541

Vulnerability from fkie_nvd

Published

2011-09-02 23:55

Modified

2025-04-11 00:51

Severity ?

Summary

fuse 2.8.5 and earlier does not properly handle when /etc/mtab cannot be updated, which allows local users to unmount arbitrary directories via a symlink attack.

References

URL	Tags
secalert@redhat.com	http://fuse.git.sourceforge.net/git/gitweb.cgi?p=fuse/fuse%3Ba=commit%3Bh=bf5ffb5fd8558bd799791834def431c0cee5a11f
secalert@redhat.com	http://lists.opensuse.org/opensuse-security-announce/2011-04/msg00000.html
secalert@redhat.com	http://www.openwall.com/lists/oss-security/2011/02/02/2
secalert@redhat.com	http://www.openwall.com/lists/oss-security/2011/02/03/5	Patch
secalert@redhat.com	http://www.openwall.com/lists/oss-security/2011/02/08/4	Patch
af854a3a-2127-422b-91ae-364da2661108	http://fuse.git.sourceforge.net/git/gitweb.cgi?p=fuse/fuse%3Ba=commit%3Bh=bf5ffb5fd8558bd799791834def431c0cee5a11f
af854a3a-2127-422b-91ae-364da2661108	http://lists.opensuse.org/opensuse-security-announce/2011-04/msg00000.html
af854a3a-2127-422b-91ae-364da2661108	http://www.openwall.com/lists/oss-security/2011/02/02/2
af854a3a-2127-422b-91ae-364da2661108	http://www.openwall.com/lists/oss-security/2011/02/03/5	Patch
af854a3a-2127-422b-91ae-364da2661108	http://www.openwall.com/lists/oss-security/2011/02/08/4	Patch

Impacted products

Vendor	Product	Version
fuse	fuse	*
fuse	fuse	1.9
fuse	fuse	2.0
fuse	fuse	2.0
fuse	fuse	2.1
fuse	fuse	2.2
fuse	fuse	2.2.1
fuse	fuse	2.3
fuse	fuse	2.3
fuse	fuse	2.3.0
fuse	fuse	2.4.0
fuse	fuse	2.4.1
fuse	fuse	2.4.2
fuse	fuse	2.5.0
fuse	fuse	2.5.1
fuse	fuse	2.5.2
fuse	fuse	2.5.3
fuse	fuse	2.6.0
fuse	fuse	2.6.1
fuse	fuse	2.6.3
fuse	fuse	2.6.5
fuse	fuse	2.7.0
fuse	fuse	2.7.1
fuse	fuse	2.7.2
fuse	fuse	2.7.3
fuse	fuse	2.7.4
fuse	fuse	2.7.5
fuse	fuse	2.7.6
fuse	fuse	2.8.0
fuse	fuse	2.8.1
fuse	fuse	2.8.2
fuse	fuse	2.8.3
fuse	fuse	2.8.4

JSON

To clipboard

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:fuse:fuse:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "DE7C6543-6BB7-43AE-8021-13939D2EACF4",
              "versionEndIncluding": "2.8.5",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:fuse:fuse:1.9:*:*:*:*:*:*:*",
              "matchCriteriaId": "55969766-1B53-4987-BED1-69210D870159",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:fuse:fuse:2.0:pre0:*:*:*:*:*:*",
              "matchCriteriaId": "975404B1-A1D7-498E-BCAF-27F6F0C6D6DB",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:fuse:fuse:2.0:pre1:*:*:*:*:*:*",
              "matchCriteriaId": "725C66E7-CDE5-447F-A718-1F8E09DBD03B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:fuse:fuse:2.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "D694A371-E110-404C-8A8B-E162BE7CC420",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:fuse:fuse:2.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "57EA26ED-6A5B-46FD-B776-56164C2CA2A7",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:fuse:fuse:2.2.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "4070A046-AFAF-47E7-8143-950E7113F7D9",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:fuse:fuse:2.3:pre:*:*:*:*:*:*",
              "matchCriteriaId": "F58FB896-AC2F-44F6-B225-6B1E8B5D5AAA",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:fuse:fuse:2.3:rc1:*:*:*:*:*:*",
              "matchCriteriaId": "046B9EE6-597B-4668-A7E3-3B2E19F2F1F2",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:fuse:fuse:2.3.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "7F6E73A6-7598-43D0-85B6-36854D241753",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:fuse:fuse:2.4.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "5C84298D-29DA-4E25-872C-C01123DC264B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:fuse:fuse:2.4.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "79145A4A-180B-4A01-9B27-FF41C80C8A2E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:fuse:fuse:2.4.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "B8FB5A17-317D-4FCD-9135-7B6FBFF43122",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:fuse:fuse:2.5.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "86127064-585A-491A-9C02-3868293287E9",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:fuse:fuse:2.5.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "D9AFE150-9202-478D-B9A5-A06631A7F654",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:fuse:fuse:2.5.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "A203B9AA-AC5A-4F97-8B22-FD4CE9A5E9E6",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:fuse:fuse:2.5.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "D88FC4B0-D669-4B8C-9F0E-8B40FD269707",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:fuse:fuse:2.6.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "C58DA611-5C3C-48B5-9A97-AF61E79C2A11",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:fuse:fuse:2.6.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "745A4F8C-CB3C-40CF-9358-89403CDAC064",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:fuse:fuse:2.6.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "DA50E0DD-E42D-4A6B-A2D1-5EB5E032A3D5",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:fuse:fuse:2.6.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "166EEDD0-41AC-48F6-BB41-2199E07D70C5",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:fuse:fuse:2.7.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "55B8E8CD-A4C9-4542-BA8E-6A59352225F4",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:fuse:fuse:2.7.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "3168CEE0-DCB6-48DC-B1A1-A7A24E0D4455",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:fuse:fuse:2.7.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "553EBB29-A227-428F-A752-BDFB100C954D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:fuse:fuse:2.7.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "55859957-F60A-452F-B41F-1C08ABA073A0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:fuse:fuse:2.7.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "7E20A7A1-54C5-427C-8232-E4E8CCB16AC4",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:fuse:fuse:2.7.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "43BCF81C-3331-4298-AA82-EDC61155F60A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:fuse:fuse:2.7.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "7C8B55A7-2466-42AA-A14F-23931BC09904",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:fuse:fuse:2.8.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "87529BC7-BE88-4EF6-9B30-01345B1F1EE8",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:fuse:fuse:2.8.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "2937E05D-CEEC-4048-9151-575BD71CDD6F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:fuse:fuse:2.8.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "C3DCC2C7-1BC7-43D6-8AE8-717E4D834131",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:fuse:fuse:2.8.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "72A18ED3-3322-4DB0-9E68-1952B739A409",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:fuse:fuse:2.8.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "CA99C51F-D71E-4B6D-A6BB-A9BD198F8074",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "fuse 2.8.5 and earlier does not properly handle when /etc/mtab cannot be updated, which allows local users to unmount arbitrary directories via a symlink attack."
    },
    {
      "lang": "es",
      "value": "Fuse v2.8.5 y anteriores no se comporta de forma adecuada cuando /etc/mtlab no puede ser actualizado, lo que permite a usuarios locales desmontar directorios de su elecci\u00f3n a trav\u00e9s de un ataque de enlaces simb\u00f3licos."
    }
  ],
  "id": "CVE-2011-0541",
  "lastModified": "2025-04-11T00:51:21.963",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "LOW",
        "cvssData": {
          "accessComplexity": "MEDIUM",
          "accessVector": "LOCAL",
          "authentication": "NONE",
          "availabilityImpact": "PARTIAL",
          "baseScore": 3.3,
          "confidentialityImpact": "NONE",
          "integrityImpact": "PARTIAL",
          "vectorString": "AV:L/AC:M/Au:N/C:N/I:P/A:P",
          "version": "2.0"
        },
        "exploitabilityScore": 3.4,
        "impactScore": 4.9,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ]
  },
  "published": "2011-09-02T23:55:02.227",
  "references": [
    {
      "source": "secalert@redhat.com",
      "url": "http://fuse.git.sourceforge.net/git/gitweb.cgi?p=fuse/fuse%3Ba=commit%3Bh=bf5ffb5fd8558bd799791834def431c0cee5a11f"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://lists.opensuse.org/opensuse-security-announce/2011-04/msg00000.html"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://www.openwall.com/lists/oss-security/2011/02/02/2"
    },
    {
      "source": "secalert@redhat.com",
      "tags": [
        "Patch"
      ],
      "url": "http://www.openwall.com/lists/oss-security/2011/02/03/5"
    },
    {
      "source": "secalert@redhat.com",
      "tags": [
        "Patch"
      ],
      "url": "http://www.openwall.com/lists/oss-security/2011/02/08/4"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://fuse.git.sourceforge.net/git/gitweb.cgi?p=fuse/fuse%3Ba=commit%3Bh=bf5ffb5fd8558bd799791834def431c0cee5a11f"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://lists.opensuse.org/opensuse-security-announce/2011-04/msg00000.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.openwall.com/lists/oss-security/2011/02/02/2"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch"
      ],
      "url": "http://www.openwall.com/lists/oss-security/2011/02/03/5"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch"
      ],
      "url": "http://www.openwall.com/lists/oss-security/2011/02/08/4"
    }
  ],
  "sourceIdentifier": "secalert@redhat.com",
  "vulnStatus": "Deferred",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-59"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

CVE-2011-0541 (GCVE-0-2011-0541)

Vulnerability from cvelistv5

Published

2011-09-02 23:00