Ubuntu Security Notice 5326-1 - It was discovered that FUSE is susceptible to a restriction bypass flaw on a system that has SELinux active. A local attacker with non-root privileges could mount a FUSE file system that is accessible to other users and trick them into accessing files on that file system, which could result in a Denial of Service or other unspecified conditions.
0f13d64ecbaa2b12059bb1588f8db131119cf3c35938ac23b6462cd8d6c0c8f5Red Hat Security Advisory 2018-3324-01 - The fuse packages contain the File System in Userspace tools to mount a FUSE file system. With FUSE, it is possible to implement a fully functional file system in a user-space program. Issues addressed include a bypass vulnerability.
0e6d5ccd47717d7d6cdd649dfe6b22283b0d7e368aef1af0cefe2d1071c24371Debian Linux Security Advisory 4257-1 - Jann Horn discovered that FUSE, a Filesystem in USErspace, allows the bypass of the 'user_allow_other' restriction when SELinux is active (including in permissive mode). A local user can take advantage of this flaw in the fusermount utility to bypass the system configuration and mount a FUSE filesystem with the 'allow_other' mount option.
6ae379afa1bdb3daca80e53b902623ac0af07b819114316f385107c5a5c45863It is possible to bypass fusermount's restrictions on the use of the "allow_other" mount option as follows if SELinux is active.
f8811f70025a2c7cb736546cf68f180165bf220f896460ba119cccb6e37d586c
© 2022 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed