oss-security February 2011 archive
Main Archive Page > Month Archives  > oss-security archives
oss-security: [oss-security] CVE request: fuse

[oss-security] CVE request: fuse

From: Marc Deslauriers <marc.deslauriers_at_nospam>
Date: Wed Feb 02 2011 - 04:12:22 GMT
To: oss-security@lists.openwall.com

Hello,

A few more fixes have made their way to FUSE to prevent TOCTTOU symlink
attacks. An unprivileged user was able to unmount arbitrary mounts:

http://fuse.git.sourceforge.net/git/gitweb.cgi?p=fuse/fuse;a=commit;h=bf5ffb5fd8558bd799791834def431c0cee5a11f
http://fuse.git.sourceforge.net/git/gitweb.cgi?p=fuse/fuse;a=commit;h=1e7607ff89c65b005f69e27aeb1649d624099873
http://fuse.git.sourceforge.net/git/gitweb.cgi?p=fuse/fuse;a=commit;h=cbd3a2a84068aae6e3fe32939d88470d712dbf47

Could we please get one or more CVE numbers for them?

Thanks,

Marc.

-- Marc Deslauriers Ubuntu Security Engineer | http://www.ubuntu.com/ Canonical Ltd. | http://www.canonical.com/