PT-2011-1121 · Red Hat · Fuse-Devel+4

Josh Bressers · Published 2011-07-20 · Updated 2023-02-13 · CVE-2011-0542

CVSS v2.0

5.8 Medium

Vector

AV:N/AC:M/Au:N/C:N/I:P/A:P

Name of the Vulnerable Software and Affected Versions

fuse versions 2.8.3 through 2.8.5
fuse-devel versions 2.8.3
fuse-libs versions 2.8.3
fuse-debuginfo versions 2.8.3

Description

The issue concerns multiple vulnerabilities in the fuse package of Red Hat Enterprise Linux, which can lead to disruption of data integrity and availability. These vulnerabilities can be exploited remotely. Local users can also unmount arbitrary directories via unspecified vectors, because fusermount in fuse versions 2.8.5 and earlier does not perform a chdir to / before performing a mount or umount.

Recommendations

For fuse versions 2.8.3 through 2.8.5, consider updating to a version later than 2.8.5 to resolve the issue.
For fuse-devel version 2.8.3, update to a version later than 2.8.3.
For fuse-libs version 2.8.3, update to a version later than 2.8.3.
For fuse-debuginfo version 2.8.3, update to a version later than 2.8.3.

As a temporary workaround, consider restricting access to the fusermount functionality until a patch is available.

Fix

Weakness Enumeration

Link Following

Related Identifiers

BDU:2015-06658
BDU:2015-06659
BDU:2015-06660
BDU:2015-06661
CVE-2011-0542
RHSA-2011:1083
RHSA-2011_1083

Affected Products

Red Hat
Fuse
Fuse-Debuginfo
Fuse-Devel
Fuse-Libs