Bug 112902 - sys-fs/fuse: fusermount can corrupt /etc/mtab (CVE-2005-3531)
|
Bug#:
112902
|
Product: Gentoo Security
|
Version: unspecified
|
Platform: All
|
|
OS/Version: Linux
|
Status: RESOLVED
|
Severity: normal
|
Priority: P2
|
|
Resolution: FIXED
|
Assigned To: security@gentoo.org
|
Reported By: koon@gentoo.org
|
|
Component: Vulnerabilities
|
|
|
URL:
http://cvs.sourceforge.net/viewcvs.py/fuse/fuse/util/fusermount.c?r1=1.69&r2=1.70
|
|
Summary: sys-fs/fuse: fusermount can corrupt /etc/mtab (CVE-2005-3531)
|
|
Keywords:
|
|
Status Whiteboard: B2? [glsa] koon
|
|
Opened: 2005-11-18 04:55 0000
|
Thomas Biege discovered that fusermount can be abused to corrupt the /etc/mtab.
He thinks it can be used to set mount options for the fuse FS. This only works
if fusermount is setuid root (default on Gentoo) :
-rwsr-xr-x 1 root root 18820 Nov 18 13:47 fusermount
Miklos Szeredi <miklos@szeredi.hu> is preparing a patch, waiting for the
disclosure date.
Ccing maintainer.
genstef: please prepare a new ebuild but do not commit anything to Portage yet.
We are waiting for an embargo end date.
Fix committed to upstream CVS. Please provide and commit an updated ebuild.
genstef, just note the bug # in the Changelog for now and nothing else.
I committed an updated ebuild, 2.4.1-r1
I hope it is ok, that I revbumped it
Thx Stefan.
Arch security liaisons, please test and mark stable. Don't do any verbose
Changelogs at this time, it's still not completely public.
Calling:
ppc -> hansmi
amd64 -> blubb
x86 -> halcy0n
Waiting for public disclsure.
