PT-2011-1122 · Red Hat · Fuse+2

Josh Bressers · Published 2011-07-20 · Updated 2023-02-13 · CVE-2011-0543

CVSS v2.0: 5.8 (Medium)

Vector: AV:N/AC:M/Au:N/C:N/I:P/A:P

Name of the Vulnerable Software and Affected Versions

fuse versions 2.8.3 through 2.8.5
fuse-devel version 2.8.3
fuse-libs version 2.8.3
fuse-debuginfo version 2.8.3

Description

The issue concerns multiple vulnerabilities in the fuse package of Red Hat Enterprise Linux, which can be exploited remotely to compromise the integrity and availability of protected information. Local users can bypass intended access restrictions and unmount arbitrary directories via a symlink attack when util-linux does not support the --no-canonicalize option.

Recommendations

For fuse versions 2.8.3 through 2.8.5, consider updating to a version later than 2.8.5 to resolve the issue.
For fuse-devel version 2.8.3, update to a newer version to mitigate the risk.
For fuse-libs version 2.8.3, update to a newer version to mitigate the risk.
For fuse-debuginfo version 2.8.3, update to a newer version to mitigate the risk.

As a temporary workaround, consider restricting access to the fusermount functionality in fuse until a patch is available.

Fix

Weakness Enumeration

Link Following

Related Identifiers

BDU:2015-06658
BDU:2015-06659
BDU:2015-06660
BDU:2015-06661
CVE-2011-0543
RHSA-2011:1083
RHSA-2011_1083

Affected Products

Red Hat
Fuse
Util-Linux