what you don't know can hurt you
Home Files News &[SERVICES_TAB]About Contact Add New
Showing 1 - 6 of 6 RSS Feed

Files

Fuse Local Privilege Escalation
Posted May 23, 2015
Authored by Tavis Ormandy

Fuse (fusermount) suffers from a local privilege escalation vulnerability. This is a proof of concept for Ubuntu.

tags | exploit, local, proof of concept
systems | linux, ubuntu
advisories | CVE-2015-3202
SHA-256 | b50e101f0fd8a29c70f51dd4db578306c1a77f5520e6a8b981293987baf4ba67

Related Files

Debian Security Advisory 4257-1
Posted Jul 30, 2018
Authored by Debian | Site debian.org

Debian Linux Security Advisory 4257-1 - Jann Horn discovered that FUSE, a Filesystem in USErspace, allows the bypass of the 'user_allow_other' restriction when SELinux is active (including in permissive mode). A local user can take advantage of this flaw in the fusermount utility to bypass the system configuration and mount a FUSE filesystem with the 'allow_other' mount option.

tags | advisory, local
systems | linux, debian
advisories | CVE-2018-10906
SHA-256 | 6ae379afa1bdb3daca80e53b902623ac0af07b819114316f385107c5a5c45863
fusermount Restriction Bypass
Posted Jul 30, 2018
Authored by Jann Horn, Google Security Research

It is possible to bypass fusermount's restrictions on the use of the "allow_other" mount option as follows if SELinux is active.

tags | exploit
advisories | CVE-2018-10906
SHA-256 | f8811f70025a2c7cb736546cf68f180165bf220f896460ba119cccb6e37d586c
Gentoo Linux Security Advisory 201603-04
Posted Mar 10, 2016
Authored by Gentoo | Site security.gentoo.org

Gentoo Linux Security Advisory 201603-4 - The fusermount binary in FUSE does not properly clear the environment before invoking mount or umount as root that allows a local user to overwrite arbitrary files. Versions less than 2.9.4 are affected.

tags | advisory, arbitrary, local, root
systems | linux, gentoo
SHA-256 | 7f349aeb4d93dedf1af9154ffe4df03c5bbc6168335bf94f5ad2a86606f8a31f
Red Hat Security Advisory 2011-1083-01
Posted Jul 21, 2011
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2011-1083-01 - FUSE can implement a fully functional file system in a user-space program. These packages provide the mount utility, fusermount, the tool used to mount FUSE file systems. Multiple flaws were found in the way fusermount handled the mounting and unmounting of directories when symbolic links were present. A local user in the fuse group could use these flaws to unmount file systems, which they would otherwise not be able to unmount and that were not mounted using FUSE, via a symbolic link attack.

tags | advisory, local
systems | linux, redhat
advisories | CVE-2010-3879, CVE-2011-0541, CVE-2011-0542, CVE-2011-0543
SHA-256 | 570a3ac9c4d8ba47567744f3a2508ef5c64019b15a6120d40f7b53ce18ed1cd0
Unmount Any Filesystem Using fusermount
Posted Nov 3, 2010
Authored by halfdog | Site halfdog.net

At least on ubuntu lucid, the fusermount tool contains a timerace mounting a user filesystem and updating mtab, thus mtab entries with arbitrary paths can be created. Crafted mtab entries can then be used to unmount live parts of the filesystem. Proof of concept code included.

tags | exploit, arbitrary, proof of concept
systems | linux, ubuntu
SHA-256 | 042dadda335de672c21630853a0e117fb84f2a7885909c01be5c0e5ea8732cd2
Gentoo Linux Security Advisory 200511-17
Posted Nov 30, 2005
Authored by Gentoo | Site security.gentoo.org

Gentoo Linux Security Advisory GLSA 200511-17 - Thomas Biege discovered that fusermount fails to securely handle special characters specified in mount points. Versions less than 2.4.1-r1 are affected.

tags | advisory
systems | linux, gentoo
SHA-256 | c252bb62a986e19acfbebfd92e33923b03bb4904985592643fe4b7762aa8fb41
Page 1 of 1
Back1Next

File Archive:

October 2024

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Oct 1st
    39 Files
  • 2
    Oct 2nd
    23 Files
  • 3
    Oct 3rd
    18 Files
  • 4
    Oct 4th
    20 Files
  • 5
    Oct 5th
    0 Files
  • 6
    Oct 6th
    0 Files
  • 7
    Oct 7th
    17 Files
  • 8
    Oct 8th
    66 Files
  • 9
    Oct 9th
    25 Files
  • 10
    Oct 10th
    20 Files
  • 11
    Oct 11th
    21 Files
  • 12
    Oct 12th
    0 Files
  • 13
    Oct 13th
    0 Files
  • 14
    Oct 14th
    0 Files
  • 15
    Oct 15th
    0 Files
  • 16
    Oct 16th
    0 Files
  • 17
    Oct 17th
    0 Files
  • 18
    Oct 18th
    0 Files
  • 19
    Oct 19th
    0 Files
  • 20
    Oct 20th
    0 Files
  • 21
    Oct 21st
    0 Files
  • 22
    Oct 22nd
    0 Files
  • 23
    Oct 23rd
    0 Files
  • 24
    Oct 24th
    0 Files
  • 25
    Oct 25th
    0 Files
  • 26
    Oct 26th
    0 Files
  • 27
    Oct 27th
    0 Files
  • 28
    Oct 28th
    0 Files
  • 29
    Oct 29th
    0 Files
  • 30
    Oct 30th
    0 Files
  • 31
    Oct 31st
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2024 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close