Vulnerabilities > CVE-2005-3531 - Unspecified vulnerability in Miklos Szeredi Fuse
Attack vector
LOCAL Attack complexity
LOW Privileges required
NONE Confidentiality impact
NONE Integrity impact
PARTIAL Availability impact
NONE Summary
fusermount in FUSE before 2.4.1, if installed setuid root, allows local users to corrupt /etc/mtab and possibly modify mount options by performing a mount over a directory whose name contains certain special characters.
Vulnerable Configurations
Part | Description | Count |
---|---|---|
Application | 5 |
Nessus
NASL family Mandriva Local Security Checks NASL id MANDRAKE_MDKSA-2005-216.NASL description Thomas Beige found that fusermount failed to securely handle special characters specified in mount points, which could allow a local attacker to corrupt the contents of /etc/mtab by mounting over a maliciously-named directory using fusermount. This could potentially allow the attacker to set unauthorized mount options. This is only possible when fusermount is installed setuid root, which is the case in Mandriva Linux. The updated packages have been patched to address these problems. last seen 2020-06-01 modified 2020-06-02 plugin id 20448 published 2006-01-15 reporter This script is Copyright (C) 2006-2019 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/20448 title Mandrake Linux Security Advisory : fuse (MDKSA-2005:216) NASL family Gentoo Local Security Checks NASL id GENTOO_GLSA-200511-17.NASL description The remote host is affected by the vulnerability described in GLSA-200511-17 (FUSE: mtab corruption through fusermount) Thomas Biege discovered that fusermount fails to securely handle special characters specified in mount points. Impact : A local attacker could corrupt the contents of the /etc/mtab file by mounting over a maliciously-named directory using fusermount, potentially allowing the attacker to set unauthorized mount options. This is possible only if fusermount is installed setuid root, which is the default in Gentoo. Workaround : There is no known workaround at this time. last seen 2020-06-01 modified 2020-06-02 plugin id 20261 published 2005-12-07 reporter This script is Copyright (C) 2005-2019 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/20261 title GLSA-200511-17 : FUSE: mtab corruption through fusermount