Internet threat level: 1
Home→Descriptions→SA38261
FUSE "fusermount" Race Condition Denial of Service
| Secunia ID | |
| CVE-ID | |
| Release Date |
29 Jan 2010 |
| Last Change |
01 Mar 2011 |
| Criticality | |
| Solution Status |
Vendor Patch |
| Software |
FUSE 2.x |
| Where | |
| Impact |
DoS (Denial of Service)This includes vulnerabilities ranging from excessive resource consumption (e.g. causing a system to use a lot of memory) to crashing an application or an entire system. Security BypassThis covers vulnerabilities or security issues where malicious users or people can bypass certain security mechanisms of the application. The actual impact varies significantly depending on the design and purpose of the affected application. |
| Description |
A security issue has been reported in FUSE (File System in Userspace), which can be exploited by malicious, local users to cause a DoS (Denial of Service). The security issue is caused due to a race condition within the "fusermount" utility when performing unmount operations, which can be exploited to e.g. unmount arbitrary FUSE mounts via symlink attacks. Note: Successful exploitation requires that the attacker is a member of the "fuse" group. The security issue is reported in versions prior to 2.7.5 or 2.8.2. |
| Solution |
Update to version 2.7.5 or 2.8.2. |
| Reported by |
Dan Rosenberg |
| Original Advisory |
Red Hat Bug #577279: |
© 1997-2012 Kaspersky Lab ZAO. All Rights Reserved.
Industry-leading Antivirus Software.
Registered trademarks and service marks are the property of their respective owners.