PT-2011-1119 · Filesystem In Userspace+1 · Fuse-Debuginfo+4
Vincent Danen · Published 2011-01-22 · Updated 2020-11-10 · CVE-2010-3879
CVSS v2.0: 5.8 (Medium)
Vector: AV:N/AC:M/Au:N/C:N/I:P/A:P
Name of the Vulnerable Software and Affected Versions
FUSE versions 2.8.5 and earlier
fuse-devel version 2.8.3
fuse version 2.8.3
fuse-libs version 2.8.3
fuse-debuginfo version 2.8.3
Description
The issue allows local users to create mtab entries with arbitrary pathnames, and consequently unmount any filesystem, via a symlink attack on the parent directory of the mountpoint of a FUSE filesystem. Exploitation of the vulnerability may lead to disruption of the integrity and availability of protected information and can be performed remotely.
Recommendations
For FUSE versions 2.8.5 and earlier, consider restricting access to the mountpoint of the FUSE filesystem to minimize the risk of exploitation.
For fuse-devel, fuse, fuse-libs, and fuse-debuginfo version 2.8.3, as a temporary workaround, consider disabling the creation of mtab entries with arbitrary pathnames until a patch is available.
At the moment, there is no information about a newer version that contains a fix for this vulnerability.
Exploit
Link Following
Weakness Enumeration
Related Identifiers
Affected Products
Fuse
Red Hat
Fuse-Debuginfo
Fuse-Devel
Fuse-Libs