Bug #9152

Bug #9150: fuse: bypass of the "user_allow_other" restriction when SELinux is active (CVE-2018-10906)

[3.8] fuse: bypass of the "user_allow_other" restriction when SELinux is active (CVE-2018-10906)

Added by Alicha CH 6 months ago. Updated 6 months ago.

Status: Closed
Priority: Normal
Assignee:
Category: Security
Target version:
Start date: 07/30/2018
Due date:
% Done: 100%
Estimated time:
Affected versions:
Security IDs:

Description

In fuse before versions 2.9.8 and 3.x before 3.2.5, fusermount is
vulnerable to a restriction bypass when SELinux is active. This allows
non-root users to mount a FUSE file system with the 'allow_other' mount
option regardless of whether 'user_allow_other' is set in the fuse
configuration. An attacker may use this flaw to mount a FUSE file system,
accessible by other users, and trick them into accessing files on that file
system, possibly causing Denial of Service or other unspecified effects.

References:

http://openwall.com/lists/oss-security/2018/07/24/1
https://nvd.nist.gov/vuln/detail/CVE-2018-10906

Patches:

https://github.com/libfuse/libfuse/commit/28bdae3d113ef479c1660a581ef720cdc33bf466
https://github.com/libfuse/libfuse/commit/5018a0c016495155ee598b7e0167b43d5d902414
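
A defender-side check for the condition described above, added here as an example (it is not code from libfuse or from the Alpine package): it compares a fusermount version string against the fixed releases named in the description and lists FUSE mounts that carry allow_other for a non-root user while fuse.conf does not enable user_allow_other. The "fusermount version: X.Y.Z" output format, the /proc/mounts-style option names and all sample data are assumptions constructed for the example.

```python
import re

# Fixed releases named in the issue description.
FIXED_2, FIXED_3 = (2, 9, 8), (3, 2, 5)

def parse_version(text):
    """Pull (major, minor, patch) out of `fusermount -V` style output (assumed format)."""
    m = re.search(r"version:?\s*(\d+)\.(\d+)(?:\.(\d+))?", text)
    if not m:
        raise ValueError("no version in %r" % text)
    return tuple(int(g or 0) for g in m.groups())

def is_affected(version):
    """fuse before 2.9.8, and 3.x before 3.2.5, are affected."""
    return version < (FIXED_3 if version[0] >= 3 else FIXED_2)

def allow_other_enabled(fuse_conf):
    """True if the fuse.conf text has an uncommented user_allow_other line."""
    return any(l.strip() == "user_allow_other" for l in fuse_conf.splitlines())

def suspicious_mounts(mounts_text, fuse_conf):
    """FUSE mounts owned by a non-root uid that carry allow_other although
    fuse.conf does not enable user_allow_other."""
    if allow_other_enabled(fuse_conf):
        return []
    hits = []
    for line in mounts_text.splitlines():
        fields = line.split()
        if len(fields) < 4 or not fields[2].startswith("fuse"):
            continue
        opts = fields[3].split(",")
        uid = next((o.split("=", 1)[1] for o in opts if o.startswith("user_id=")), None)
        if "allow_other" in opts and uid not in (None, "0"):
            hits.append((fields[1], int(uid)))
    return hits

# Constructed sample input in /proc/mounts and fuse.conf layout, not from a real host.
SAMPLE_MOUNTS = """\
proc /proc proc rw,nosuid,nodev,noexec,relatime 0 0
fusectl /sys/fs/fuse/connections fusectl rw,relatime 0 0
alice@host: /home/alice/mnt fuse.sshfs rw,nosuid,nodev,relatime,user_id=1000,group_id=1000 0 0
demo /tmp/share fuse.demo rw,nosuid,nodev,relatime,user_id=1001,group_id=1001,allow_other 0 0
"""
SAMPLE_CONF = "# mount_max = 1000\n#user_allow_other\n"

if __name__ == "__main__":
    v = parse_version("fusermount version: 2.9.7")  # constructed sample output
    print(v, "affected" if is_affected(v) else "fixed")
    print(suspicious_mounts(SAMPLE_MOUNTS, SAMPLE_CONF))
```

A hit is a lead for review rather than proof of the bypass: the mount may predate a change to fuse.conf or have been set up by root on a user's behalf.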


Related issues

Copied from Alpine Linux - Bug #9150: fuse: bypass of the "user_allow_other" restriction when SELinux is active (CVE-2018-10906), Closed, 2018-07-30

Associated revisions

Revision fb1ef758 (diff)
Added by Natanael Copa 6 months ago

main/fuse: security upgrade to 2.9.8 (CVE-2018-10906)

fixes #9152

History

#1 Updated by Alicha CH 6 months ago

  • Copied from Bug #9150: fuse: bypass of the "user_allow_other" restriction when SELinux is active (CVE-2018-10906) added

#2 Updated by Natanael Copa 6 months ago

  • Status changed from New to Resolved
  • % Done changed from 0 to 100

#3 Updated by Alicha CH 6 months ago

  • Project changed from Alpine Security to Alpine Linux
  • Category set to Security
  • Status changed from Resolved to Closed
  • Security IDs deleted (CVE-2018-10906)
