[3.9] fuse: bypass of the "user_allow_other" restriction when SELinux is active (CVE-2018-10906)
In fuse before versions 2.9.8 and 3.x before 3.2.5, fusermount is
vulnerable to a restriction bypass when SELinux is active. This allows
non-root users to mount a FUSE file system with the ‘allow_other’ mount
option regardless of whether ‘user_allow_other’ is set in the fuse
configuration. An attacker may use this flaw to mount a FUSE file system,
accessible by other users, and trick them into accessing files on that
file system, possibly causing Denial of Service or other unspecified
effects.
References:
http://openwall.com/lists/oss-security/2018/07/24/1
https://nvd.nist.gov/vuln/detail/CVE-2018-10906
Patches:
https://github.com/libfuse/libfuse/commit/28bdae3d113ef479c1660a581ef720cdc33bf466
https://github.com/libfuse/libfuse/commit/5018a0c016495155ee598b7e0167b43d5d902414
(from redmine: issue id 9151, created on 2018-07-30, closed on 2018-07-31)
- Relations:
- copied_to #9150 (closed)
- parent #9150 (closed)
- Changesets:
- Revision cab094ae by Natanael Copa on 2018-07-30T16:03:32Z:
main/fuse: security upgrade to 2.9.8 (CVE-2018-10906)
fixes #9151
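
An audit check for the condition described in this issue, added here as an example and not part of the original report or of libfuse: it compares a version string against the affected ranges and lists FUSE mounts that carry allow_other for a non-root user while user_allow_other is not enabled. The function names and the sample mount table are constructed for illustration, and the mount check is a heuristic.

```shell
# Audit sketch for CVE-2018-10906 (added example; sample data is constructed).

# Exit 0 if VERSION is in the advisory's affected ranges:
# before 2.9.8, or 3.x before 3.2.5. A suffix such as "-r0" is ignored.
fuse_version_affected() {
    echo "$1" | awk -F. '{
        v = ($1 * 1000 + $2) * 1000 + $3      # 2.9.7-r0 -> 2009007
        exit !(v < 2009008 || (v >= 3000000 && v < 3002005))
    }'
}

# Exit 0 if user_allow_other is enabled (not commented out) in a fuse.conf.
conf_has_user_allow_other() {
    [ -r "$1" ] && grep -Eq '^[[:space:]]*user_allow_other[[:space:]]*$' "$1"
}

# Print "mountpoint uid" for FUSE mounts in a /proc/mounts-format file that
# carry allow_other and whose user_id= option is not root.
unprivileged_allow_other_mounts() {
    awk '$3 == "fuse" || $3 == "fuseblk" || $3 ~ /^fuse\./ {
        n = split($4, opt, ","); other = 0; uid = ""
        for (i = 1; i <= n; i++) {
            if (opt[i] == "allow_other") other = 1
            if (opt[i] ~ /^user_id=/) uid = substr(opt[i], 9)
        }
        if (other && uid != "" && uid != "0") print $2, uid
    }' "$1"
}

# audit MOUNTS_FILE FUSE_CONF VERSION: report mounts the restriction should
# have refused, i.e. allow_other by a non-root user with the option unset.
audit() {
    fuse_version_affected "$3" && echo "fuse $3 is in the affected range"
    if ! conf_has_user_allow_other "$2"; then
        unprivileged_allow_other_mounts "$1" | while read -r mp uid; do
            echo "SUSPECT: $mp has allow_other from uid $uid, user_allow_other unset"
        done
    fi
}

# Constructed sample input, not captured from a real system.
tmp=$(mktemp -d); trap 'rm -rf "$tmp"' EXIT
cat > "$tmp/mounts" <<'EOF'
fusectl /sys/fs/fuse/connections fusectl rw,relatime 0 0
demo@host:/srv /home/demo/mnt fuse.sshfs rw,nosuid,nodev,user_id=1000,group_id=1000,allow_other 0 0
/dev/sdb1 /media/usb fuseblk rw,relatime,user_id=0,group_id=0,allow_other 0 0
EOF
echo '# user_allow_other' > "$tmp/fuse.conf"
audit "$tmp/mounts" "$tmp/fuse.conf" 2.9.7-r0
```

On a live host the same functions take /proc/mounts and /etc/fuse.conf. A hit can also be a mount that root set up on a user's behalf, so treat it as something to review rather than proof of the bypass.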