Gentoo Websites Logo
Go to: Gentoo Home Documentation Forums Lists Bugs Planet Store Wiki Get Gentoo!

Bug 112902

Summary: sys-fs/fuse: fusermount can corrupt /etc/mtab (CVE-2005-3531)
Product: Gentoo Security Reporter: Thierry Carrez (RETIRED) <koon>
Component: VulnerabilitiesAssignee: Gentoo Security <security>
Status: RESOLVED FIXED    
Severity: normal CC: genstef
Priority: High    
Version: unspecified   
Hardware: All   
OS: Linux   
URL: http://cvs.sourceforge.net/viewcvs.py/fuse/fuse/util/fusermount.c?r1=1.69&r2=1.70
Whiteboard: B2? [glsa] koon
Package list:
Runtime testing required: ---
Attachments:
Description Flags
fusermount.patch none

Description Thierry Carrez (RETIRED) gentoo-dev 2005-11-18 04:55:55 UTC 
Thomas Biege discovered that fusermount can be abused to corrupt the /etc/mtab.
He thinks it can be used to set mount options for the fuse FS. This only works
if fusermount is setuid root (default on Gentoo) :

-rwsr-xr-x  1 root root 18820 Nov 18 13:47 fusermount

Miklos Szeredi <miklos@szeredi.hu> is preparing a patch, waiting for the
disclosure date.
Comment 1 Thierry Carrez (RETIRED) gentoo-dev 2005-11-19 03:32:17 UTC 
Created attachment 73173 [details, diff]
fusermount.patch

Patch from Miklos.
Comment 2 Thierry Carrez (RETIRED) gentoo-dev 2005-11-19 03:33:43 UTC 
Ccing maintainer. 
genstef: please prepare a new ebuild but do not commit anything to Portage yet.
We are waiting for an embargo end date.
Comment 3 Sune Kloppenborg Jeppesen (RETIRED) gentoo-dev 2005-11-19 13:17:49 UTC 
Fix committed to upstream CVS. Please provide and commit an updated ebuild.
Comment 4 Sune Kloppenborg Jeppesen (RETIRED) gentoo-dev 2005-11-19 14:20:11 UTC 
genstef, just note the bug # in the Changelog for now and nothing else.
Comment 5 Stefan Schweizer (RETIRED) gentoo-dev 2005-11-19 15:24:26 UTC 
I committed an updated ebuild, 2.4.1-r1

I hope it is ok, that I revbumped it
Comment 6 Sune Kloppenborg Jeppesen (RETIRED) gentoo-dev 2005-11-19 23:49:01 UTC 
Thx Stefan. 
 
Arch security liaisons, please test and mark stable. Don't do any verbose  
Changelogs at this time, it's still not completely public. 
  
Calling:  
ppc -> hansmi  
amd64 -> blubb  
x86 -> halcy0n
Comment 7 Michael Hanselmann (hansmi) (RETIRED) gentoo-dev 2005-11-20 02:21:38 UTC 
Marked stable on ppc.
Comment 8 Simon Stelling (RETIRED) gentoo-dev 2005-11-20 11:03:05 UTC 
sir, amd64 stable, sir.
Comment 9 Mark Loeser (RETIRED) gentoo-dev 2005-11-20 11:30:46 UTC 
x86 done
Comment 10 Sune Kloppenborg Jeppesen (RETIRED) gentoo-dev 2005-11-20 13:02:07 UTC 
Waiting for public disclsure.
Comment 11 Thierry Carrez (RETIRED) gentoo-dev 2005-11-22 08:58:27 UTC 
GLSA 200511-17