Vulnerabilities > CVE-2018-10906 - Improper Privilege Management vulnerability in multiple products
Attack vector
LOCAL Attack complexity
LOW Privileges required
LOW Confidentiality impact
HIGH Integrity impact
HIGH Availability impact
HIGH Summary
In fuse before versions 2.9.8 and 3.x before 3.2.5, fusermount is vulnerable to a restriction bypass when SELinux is active. This allows non-root users to mount a FUSE file system with the 'allow_other' mount option regardless of whether 'user_allow_other' is set in the fuse configuration. An attacker may use this flaw to mount a FUSE file system, accessible by other users, and trick them into accessing files on that file system, possibly causing Denial of Service or other unspecified effects.
Vulnerable Configurations
Common Weakness Enumeration (CWE)
Common Attack Pattern Enumeration and Classification (CAPEC)
- Restful Privilege Elevation Rest uses standard HTTP (Get, Put, Delete) style permissions methods, but these are not necessarily correlated generally with back end programs. Strict interpretation of HTTP get methods means that these HTTP Get services should not be used to delete information on the server, but there is no access control mechanism to back up this logic. This means that unless the services are properly ACL'd and the application's service implementation are following these guidelines then an HTTP request can easily execute a delete or update on the server side. The attacker identifies a HTTP Get URL such as http://victimsite/updateOrder, which calls out to a program to update orders on a database or other resource. The URL is not idempotent so the request can be submitted multiple times by the attacker, additionally, the attacker may be able to exploit the URL published as a Get method that actually performs updates (instead of merely retrieving data). This may result in malicious or inadvertent altering of data on the server.
Exploit-Db
| description | fusermount - user_allow_other Restriction Bypass and SELinux Label Control. CVE-2018-10906. Dos exploit for Linux platform |
| file | exploits/linux/dos/45106.c |
| id | EDB-ID:45106 |
| last seen | 2018-07-30 |
| modified | 2018-07-30 |
| platform | linux |
| port | |
| published | 2018-07-30 |
| reporter | Exploit-DB |
| source | https://www.exploit-db.com/download/45106/ |
| title | fusermount - user_allow_other Restriction Bypass and SELinux Label Control |
| type | dos |
Nessus
NASL family Debian Local Security Checks NASL id DEBIAN_DLA-1468.NASL description CVE-2018-10906 This is a fix for a restriction bypass of the last seen 2020-06-01 modified 2020-06-02 plugin id 111765 published 2018-08-16 reporter This script is Copyright (C) 2018-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/111765 title Debian DLA-1468-1 : fuse security update code # # (C) Tenable Network Security, Inc. # # The descriptive text and package checks in this plugin were # extracted from Debian Security Advisory DLA-1468-1. The text # itself is copyright (C) Software in the Public Interest, Inc. # include("compat.inc"); if (description) { script_id(111765); script_version("1.3"); script_cvs_date("Date: 2019/04/05 23:25:05"); script_cve_id("CVE-2018-10906"); script_name(english:"Debian DLA-1468-1 : fuse security update"); script_summary(english:"Checks dpkg output for the updated packages."); script_set_attribute( attribute:"synopsis", value:"The remote Debian host is missing a security update." ); script_set_attribute( attribute:"description", value: "CVE-2018-10906 This is a fix for a restriction bypass of the 'allow_other' option when SELinux is active. For Debian 8 'Jessie', this problem has been fixed in version 2.9.3-15+deb8u3. We recommend that you upgrade your fuse packages. NOTE: Tenable Network Security has extracted the preceding description block directly from the DLA security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues." ); script_set_attribute( attribute:"see_also", value:"https://lists.debian.org/debian-lts-announce/2018/08/msg00015.html" ); script_set_attribute( attribute:"see_also", value:"https://packages.debian.org/source/jessie/fuse" ); script_set_attribute(attribute:"solution", value:"Upgrade the affected packages."); script_set_cvss_base_vector("CVSS2#AV:L/AC:L/Au:N/C:P/I:P/A:P"); script_set_cvss_temporal_vector("CVSS2#E:POC/RL:OF/RC:C"); script_set_cvss3_base_vector("CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"); script_set_cvss3_temporal_vector("CVSS:3.0/E:P/RL:O/RC:C"); script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available"); script_set_attribute(attribute:"exploit_available", value:"true"); script_set_attribute(attribute:"plugin_type", value:"local"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:fuse"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:fuse-dbg"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:libfuse-dev"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:libfuse2"); script_set_attribute(attribute:"cpe", value:"cpe:/o:debian:debian_linux:8.0"); script_set_attribute(attribute:"patch_publication_date", value:"2018/08/15"); script_set_attribute(attribute:"plugin_publication_date", value:"2018/08/16"); script_end_attributes(); script_category(ACT_GATHER_INFO); script_copyright(english:"This script is Copyright (C) 2018-2019 and is owned by Tenable, Inc. or an Affiliate thereof."); script_family(english:"Debian Local Security Checks"); script_dependencies("ssh_get_info.nasl"); script_require_keys("Host/local_checks_enabled", "Host/Debian/release", "Host/Debian/dpkg-l"); exit(0); } include("audit.inc"); include("debian_package.inc"); if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED); if (!get_kb_item("Host/Debian/release")) audit(AUDIT_OS_NOT, "Debian"); if (!get_kb_item("Host/Debian/dpkg-l")) audit(AUDIT_PACKAGE_LIST_MISSING); flag = 0; if (deb_check(release:"8.0", prefix:"fuse", reference:"2.9.3-15+deb8u3")) flag++; if (deb_check(release:"8.0", prefix:"fuse-dbg", reference:"2.9.3-15+deb8u3")) flag++; if (deb_check(release:"8.0", prefix:"libfuse-dev", reference:"2.9.3-15+deb8u3")) flag++; if (deb_check(release:"8.0", prefix:"libfuse2", reference:"2.9.3-15+deb8u3")) flag++; if (flag) { if (report_verbosity > 0) security_warning(port:0, extra:deb_report_get()); else security_warning(0); exit(0); } else audit(AUDIT_HOST_NOT, "affected");NASL family PhotonOS Local Security Checks NASL id PHOTONOS_PHSA-2019-1_0-0204_FUSE.NASL description An update of the fuse package has been released. last seen 2020-06-01 modified 2020-06-02 plugin id 122022 published 2019-02-07 reporter This script is Copyright (C) 2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/122022 title Photon OS 1.0: Fuse PHSA-2019-1.0-0204 code # # (C) Tenable Network Security, Inc.` # # The descriptive text and package checks in this plugin were # extracted from VMware Security Advisory PHSA-2019-1.0-0204. The text # itself is copyright (C) VMware, Inc. include("compat.inc"); if (description) { script_id(122022); script_version("1.2"); script_cvs_date("Date: 2019/04/02 21:54:17"); script_cve_id("CVE-2018-10906"); script_name(english:"Photon OS 1.0: Fuse PHSA-2019-1.0-0204"); script_summary(english:"Checks the rpm output for the updated packages."); script_set_attribute(attribute:"synopsis", value: "The remote PhotonOS host is missing multiple security updates."); script_set_attribute(attribute:"description", value: "An update of the fuse package has been released."); script_set_attribute(attribute:"see_also", value:"https://github.com/vmware/photon/wiki/Security-Updates-1.0-204.md"); script_set_attribute(attribute:"solution", value: "Update the affected Linux packages."); script_set_cvss_base_vector("CVSS2#AV:L/AC:L/Au:N/C:P/I:P/A:P"); script_set_cvss_temporal_vector("CVSS2#E:POC/RL:OF/RC:C"); script_set_cvss3_base_vector("CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"); script_set_cvss3_temporal_vector("CVSS:3.0/E:P/RL:O/RC:C"); script_set_attribute(attribute:"cvss_score_source", value:"CVE-2018-10906"); script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available"); script_set_attribute(attribute:"exploit_available", value:"true"); script_set_attribute(attribute:"vuln_publication_date", value:"2019/01/25"); script_set_attribute(attribute:"patch_publication_date", value:"2019/01/25"); script_set_attribute(attribute:"plugin_publication_date", value:"2019/02/07"); script_set_attribute(attribute:"plugin_type", value:"local"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:vmware:photonos:fuse"); script_set_attribute(attribute:"cpe", value:"cpe:/o:vmware:photonos:1.0"); script_end_attributes(); script_category(ACT_GATHER_INFO); script_family(english:"PhotonOS Local Security Checks"); script_copyright(english:"This script is Copyright (C) 2019 and is owned by Tenable, Inc. or an Affiliate thereof."); script_dependencies("ssh_get_info.nasl"); script_require_keys("Host/local_checks_enabled", "Host/PhotonOS/release", "Host/PhotonOS/rpm-list"); exit(0); } include("audit.inc"); include("global_settings.inc"); include("rpm.inc"); if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED); release = get_kb_item("Host/PhotonOS/release"); if (isnull(release) || release !~ "^VMware Photon") audit(AUDIT_OS_NOT, "PhotonOS"); if (release !~ "^VMware Photon (?:Linux|OS) 1\.0(\D|$)") audit(AUDIT_OS_NOT, "PhotonOS 1.0"); if (!get_kb_item("Host/PhotonOS/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING); cpu = get_kb_item("Host/cpu"); if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH); if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "PhotonOS", cpu); flag = 0; if (rpm_check(release:"PhotonOS-1.0", reference:"fuse-2.9.5-3.ph1")) flag++; if (rpm_check(release:"PhotonOS-1.0", reference:"fuse-debuginfo-2.9.5-3.ph1")) flag++; if (rpm_check(release:"PhotonOS-1.0", reference:"fuse-devel-2.9.5-3.ph1")) flag++; if (flag) { security_report_v4( port : 0, severity : SECURITY_WARNING, extra : rpm_report_get() ); exit(0); } else { tested = pkg_tests_get(); if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested); else audit(AUDIT_PACKAGE_NOT_INSTALLED, "fuse"); }NASL family SuSE Local Security Checks NASL id SUSE_SU-2018-3260-1.NASL description This update for fuse fixes the following issues : CVE-2018-10906: fusermount was vulnerable to a restriction bypass when SELinux is active. This allowed non-root users to mount a FUSE file system with the last seen 2020-06-01 modified 2020-06-02 plugin id 120136 published 2019-01-02 reporter This script is Copyright (C) 2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/120136 title SUSE SLED15 / SLES15 Security Update : fuse (SUSE-SU-2018:3260-1) code # # (C) Tenable Network Security, Inc. # # The descriptive text and package checks in this plugin were # extracted from SUSE update advisory SUSE-SU-2018:3260-1. # The text itself is copyright (C) SUSE. # include("compat.inc"); if (description) { script_id(120136); script_version("1.3"); script_cvs_date("Date: 2019/09/10 13:51:49"); script_cve_id("CVE-2018-10906"); script_name(english:"SUSE SLED15 / SLES15 Security Update : fuse (SUSE-SU-2018:3260-1)"); script_summary(english:"Checks rpm output for the updated packages."); script_set_attribute( attribute:"synopsis", value:"The remote SUSE host is missing one or more security updates." ); script_set_attribute( attribute:"description", value: "This update for fuse fixes the following issues : CVE-2018-10906: fusermount was vulnerable to a restriction bypass when SELinux is active. This allowed non-root users to mount a FUSE file system with the 'allow_other' mount option regardless of whether 'user_allow_other' is set in the fuse configuration. An attacker may use this flaw to mount a FUSE file system, accessible by other users, and trick them into accessing files on that file system, possibly causing Denial of Service or other unspecified effects (bsc#1101797) Note that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues." ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.suse.com/show_bug.cgi?id=1101797" ); script_set_attribute( attribute:"see_also", value:"https://www.suse.com/security/cve/CVE-2018-10906/" ); # https://www.suse.com/support/update/announcement/2018/suse-su-20183260-1/ script_set_attribute( attribute:"see_also", value:"http://www.nessus.org/u?45dec9c9" ); script_set_attribute( attribute:"solution", value: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or 'zypper patch'. Alternatively you can run the command listed for your product : SUSE Linux Enterprise Module for Basesystem 15:zypper in -t patch SUSE-SLE-Module-Basesystem-15-2018-2340=1" ); script_set_cvss_base_vector("CVSS2#AV:L/AC:L/Au:N/C:P/I:P/A:P"); script_set_cvss_temporal_vector("CVSS2#E:POC/RL:OF/RC:C"); script_set_cvss3_base_vector("CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"); script_set_cvss3_temporal_vector("CVSS:3.0/E:P/RL:O/RC:C"); script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available"); script_set_attribute(attribute:"exploit_available", value:"true"); script_set_attribute(attribute:"plugin_type", value:"local"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:fuse"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:fuse-debuginfo"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:fuse-debugsource"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:fuse-devel"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:fuse-doc"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:libfuse2"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:libfuse2-debuginfo"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:libulockmgr1"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:libulockmgr1-debuginfo"); script_set_attribute(attribute:"cpe", value:"cpe:/o:novell:suse_linux:15"); script_set_attribute(attribute:"vuln_publication_date", value:"2018/07/24"); script_set_attribute(attribute:"patch_publication_date", value:"2018/10/19"); script_set_attribute(attribute:"plugin_publication_date", value:"2019/01/02"); script_set_attribute(attribute:"generated_plugin", value:"current"); script_end_attributes(); script_category(ACT_GATHER_INFO); script_copyright(english:"This script is Copyright (C) 2019 and is owned by Tenable, Inc. or an Affiliate thereof."); script_family(english:"SuSE Local Security Checks"); script_dependencies("ssh_get_info.nasl"); script_require_keys("Host/local_checks_enabled", "Host/cpu", "Host/SuSE/release", "Host/SuSE/rpm-list"); exit(0); } include("audit.inc"); include("global_settings.inc"); include("rpm.inc"); if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED); release = get_kb_item("Host/SuSE/release"); if (isnull(release) || release !~ "^(SLED|SLES)") audit(AUDIT_OS_NOT, "SUSE"); os_ver = pregmatch(pattern: "^(SLE(S|D)\d+)", string:release); if (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, "SUSE"); os_ver = os_ver[1]; if (! preg(pattern:"^(SLED15|SLES15)$", string:os_ver)) audit(AUDIT_OS_NOT, "SUSE SLED15 / SLES15", "SUSE " + os_ver); if (!get_kb_item("Host/SuSE/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING); cpu = get_kb_item("Host/cpu"); if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH); if (cpu !~ "^i[3-6]86$" && "x86_64" >!< cpu && "s390x" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "SUSE " + os_ver, cpu); sp = get_kb_item("Host/SuSE/patchlevel"); if (isnull(sp)) sp = "0"; if (os_ver == "SLES15" && (! preg(pattern:"^(0)$", string:sp))) audit(AUDIT_OS_NOT, "SLES15 SP0", os_ver + " SP" + sp); if (os_ver == "SLED15" && (! preg(pattern:"^(0)$", string:sp))) audit(AUDIT_OS_NOT, "SLED15 SP0", os_ver + " SP" + sp); flag = 0; if (rpm_check(release:"SLES15", sp:"0", reference:"fuse-2.9.7-3.3.1")) flag++; if (rpm_check(release:"SLES15", sp:"0", reference:"fuse-debuginfo-2.9.7-3.3.1")) flag++; if (rpm_check(release:"SLES15", sp:"0", reference:"fuse-debugsource-2.9.7-3.3.1")) flag++; if (rpm_check(release:"SLES15", sp:"0", reference:"fuse-devel-2.9.7-3.3.1")) flag++; if (rpm_check(release:"SLES15", sp:"0", reference:"fuse-doc-2.9.7-3.3.1")) flag++; if (rpm_check(release:"SLES15", sp:"0", reference:"libfuse2-2.9.7-3.3.1")) flag++; if (rpm_check(release:"SLES15", sp:"0", reference:"libfuse2-debuginfo-2.9.7-3.3.1")) flag++; if (rpm_check(release:"SLES15", sp:"0", reference:"libulockmgr1-2.9.7-3.3.1")) flag++; if (rpm_check(release:"SLES15", sp:"0", reference:"libulockmgr1-debuginfo-2.9.7-3.3.1")) flag++; if (rpm_check(release:"SLED15", sp:"0", reference:"fuse-2.9.7-3.3.1")) flag++; if (rpm_check(release:"SLED15", sp:"0", reference:"fuse-debuginfo-2.9.7-3.3.1")) flag++; if (rpm_check(release:"SLED15", sp:"0", reference:"fuse-debugsource-2.9.7-3.3.1")) flag++; if (rpm_check(release:"SLED15", sp:"0", reference:"fuse-devel-2.9.7-3.3.1")) flag++; if (rpm_check(release:"SLED15", sp:"0", reference:"fuse-doc-2.9.7-3.3.1")) flag++; if (rpm_check(release:"SLED15", sp:"0", reference:"libfuse2-2.9.7-3.3.1")) flag++; if (rpm_check(release:"SLED15", sp:"0", reference:"libfuse2-debuginfo-2.9.7-3.3.1")) flag++; if (rpm_check(release:"SLED15", sp:"0", reference:"libulockmgr1-2.9.7-3.3.1")) flag++; if (rpm_check(release:"SLED15", sp:"0", reference:"libulockmgr1-debuginfo-2.9.7-3.3.1")) flag++; if (flag) { if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get()); else security_warning(0); exit(0); } else { tested = pkg_tests_get(); if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested); else audit(AUDIT_PACKAGE_NOT_INSTALLED, "fuse"); }NASL family Huawei Local Security Checks NASL id EULEROS_SA-2019-1003.NASL description According to the version of the fuse packages installed, the EulerOS installation on the remote host is affected by the following vulnerability : - fuse: bypass of the last seen 2020-05-06 modified 2019-01-08 plugin id 120991 published 2019-01-08 reporter This script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/120991 title EulerOS 2.0 SP5 : fuse (EulerOS-SA-2019-1003) code # # (C) Tenable Network Security, Inc. # include("compat.inc"); if (description) { script_id(120991); script_version("1.4"); script_set_attribute(attribute:"plugin_modification_date", value:"2020/05/04"); script_cve_id( "CVE-2018-10906" ); script_name(english:"EulerOS 2.0 SP5 : fuse (EulerOS-SA-2019-1003)"); script_summary(english:"Checks the rpm output for the updated package."); script_set_attribute(attribute:"synopsis", value: "The remote EulerOS host is missing a security update."); script_set_attribute(attribute:"description", value: "According to the version of the fuse packages installed, the EulerOS installation on the remote host is affected by the following vulnerability : - fuse: bypass of the 'user_allow_other' restriction when SELinux is active (CVE-2018-10906) Note that Tenable Network Security has extracted the preceding description block directly from the EulerOS security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues."); # https://developer.huaweicloud.com/ict/en/site-euleros/euleros/security-advisories/EulerOS-SA-2019-1003 script_set_attribute(attribute:"see_also", value:"http://www.nessus.org/u?4e72df4e"); script_set_attribute(attribute:"solution", value: "Update the affected fuse package."); script_set_cvss_base_vector("CVSS2#AV:L/AC:L/Au:N/C:P/I:P/A:P"); script_set_cvss_temporal_vector("CVSS2#E:POC/RL:OF/RC:C"); script_set_cvss3_base_vector("CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"); script_set_cvss3_temporal_vector("CVSS:3.0/E:P/RL:O/RC:C"); script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available"); script_set_attribute(attribute:"exploit_available", value:"true"); script_set_attribute(attribute:"patch_publication_date", value:"2018/12/29"); script_set_attribute(attribute:"plugin_publication_date", value:"2019/01/08"); script_set_attribute(attribute:"plugin_type", value:"local"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:huawei:euleros:fuse"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:huawei:euleros:fuse-devel"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:huawei:euleros:fuse-libs"); script_set_attribute(attribute:"cpe", value:"cpe:/o:huawei:euleros:2.0"); script_set_attribute(attribute:"generated_plugin", value:"current"); script_end_attributes(); script_category(ACT_GATHER_INFO); script_family(english:"Huawei Local Security Checks"); script_copyright(english:"This script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof."); script_dependencies("ssh_get_info.nasl"); script_require_keys("Host/local_checks_enabled", "Host/EulerOS/release", "Host/EulerOS/rpm-list", "Host/EulerOS/sp"); script_exclude_keys("Host/EulerOS/uvp_version"); exit(0); } include("audit.inc"); include("global_settings.inc"); include("rpm.inc"); if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED); release = get_kb_item("Host/EulerOS/release"); if (isnull(release) || release !~ "^EulerOS") audit(AUDIT_OS_NOT, "EulerOS"); if (release !~ "^EulerOS release 2\.0(\D|$)") audit(AUDIT_OS_NOT, "EulerOS 2.0"); sp = get_kb_item("Host/EulerOS/sp"); if (isnull(sp) || sp !~ "^(5)$") audit(AUDIT_OS_NOT, "EulerOS 2.0 SP5"); uvp = get_kb_item("Host/EulerOS/uvp_version"); if (!empty_or_null(uvp)) audit(AUDIT_OS_NOT, "EulerOS 2.0 SP5", "EulerOS UVP " + uvp); if (!get_kb_item("Host/EulerOS/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING); cpu = get_kb_item("Host/cpu"); if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH); if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$" && "aarch64" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "EulerOS", cpu); if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$") audit(AUDIT_ARCH_NOT, "i686 / x86_64", cpu); flag = 0; pkgs = ["fuse-2.9.2-11.h3.eulerosv2r7", "fuse-devel-2.9.2-11.h3.eulerosv2r7", "fuse-libs-2.9.2-11.h3.eulerosv2r7"]; foreach (pkg in pkgs) if (rpm_check(release:"EulerOS-2.0", sp:"5", reference:pkg)) flag++; if (flag) { security_report_v4( port : 0, severity : SECURITY_WARNING, extra : rpm_report_get() ); exit(0); } else { tested = pkg_tests_get(); if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested); else audit(AUDIT_PACKAGE_NOT_INSTALLED, "fuse"); }NASL family PhotonOS Local Security Checks NASL id PHOTONOS_PHSA-2019-1_0-0204_ELFUTILS.NASL description An update of the elfutils package has been released. last seen 2020-03-17 modified 2019-02-07 plugin id 122021 published 2019-02-07 reporter This script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/122021 title Photon OS 1.0: Elfutils PHSA-2019-1.0-0204 code # # (C) Tenable Network Security, Inc. # # The descriptive text and package checks in this plugin were # extracted from VMware Security Advisory PHSA-2019-1.0-0204. The text # itself is copyright (C) VMware, Inc. include('compat.inc'); if (description) { script_id(122021); script_version("1.2"); script_set_attribute(attribute:"plugin_modification_date", value:"2019/02/07"); script_cve_id("CVE-2018-16062"); script_name(english:"Photon OS 1.0: Elfutils PHSA-2019-1.0-0204"); script_summary(english:"Checks the rpm output for the updated packages."); script_set_attribute(attribute:"synopsis", value: "The remote PhotonOS host is missing multiple security updates."); script_set_attribute(attribute:"description", value: "An update of the elfutils package has been released."); script_set_attribute(attribute:"see_also", value:"https://github.com/vmware/photon/wiki/Security-Updates-1.0-204.md"); script_set_attribute(attribute:"solution", value: "Update the affected Linux packages."); script_set_cvss_base_vector("CVSS2#AV:L/AC:L/Au:N/C:P/I:P/A:P"); script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C"); script_set_cvss3_base_vector("CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"); script_set_cvss3_temporal_vector("CVSS:3.0/E:U/RL:O/RC:C"); script_set_attribute(attribute:"cvss_score_source", value:"CVE-2018-10906"); script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available"); script_set_attribute(attribute:"vuln_publication_date", value:"2019/01/25"); script_set_attribute(attribute:"patch_publication_date", value:"2019/01/25"); script_set_attribute(attribute:"plugin_publication_date", value:"2019/02/07"); script_set_attribute(attribute:"plugin_type", value:"local"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:vmware:photonos:elfutils"); script_set_attribute(attribute:"cpe", value:"cpe:/o:vmware:photonos:1.0"); script_end_attributes(); script_category(ACT_GATHER_INFO); script_family(english:"PhotonOS Local Security Checks"); script_copyright(english:"This script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof."); script_dependencies("ssh_get_info.nasl"); script_require_keys("Host/local_checks_enabled", "Host/PhotonOS/release", "Host/PhotonOS/rpm-list"); exit(0); } include("audit.inc"); include("global_settings.inc"); include("rpm.inc"); if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED); release = get_kb_item("Host/PhotonOS/release"); if (isnull(release) || release !~ "^VMware Photon") audit(AUDIT_OS_NOT, "PhotonOS"); if (release !~ "^VMware Photon (?:Linux|OS) 1\.0(\D|$)") audit(AUDIT_OS_NOT, "PhotonOS 1.0"); if (!get_kb_item("Host/PhotonOS/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING); cpu = get_kb_item("Host/cpu"); if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH); if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "PhotonOS", cpu); flag = 0; if (rpm_check(release:"PhotonOS-1.0", reference:"elfutils-0.169-3.ph1")) flag++; if (rpm_check(release:"PhotonOS-1.0", reference:"elfutils-debuginfo-0.169-3.ph1")) flag++; if (rpm_check(release:"PhotonOS-1.0", reference:"elfutils-devel-0.169-3.ph1")) flag++; if (rpm_check(release:"PhotonOS-1.0", reference:"elfutils-devel-static-0.169-3.ph1")) flag++; if (rpm_check(release:"PhotonOS-1.0", reference:"elfutils-libelf-0.169-3.ph1")) flag++; if (rpm_check(release:"PhotonOS-1.0", reference:"elfutils-libelf-devel-0.169-3.ph1")) flag++; if (rpm_check(release:"PhotonOS-1.0", reference:"elfutils-libelf-devel-static-0.169-3.ph1")) flag++; if (flag) { security_report_v4( port : 0, severity : SECURITY_WARNING, extra : rpm_report_get() ); exit(0); } else { tested = pkg_tests_get(); if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested); else audit(AUDIT_PACKAGE_NOT_INSTALLED, "elfutils"); }NASL family Fedora Local Security Checks NASL id FEDORA_2019-FD54B80806.NASL description Update fuse to 2.9.9, fuse3 to 3.4.2. Also fixes CVE-2018-10906, and adds missing fusermount.1 man page. Note that Tenable Network Security has extracted the preceding description block directly from the Fedora update system website. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues. last seen 2020-06-01 modified 2020-06-02 plugin id 123767 published 2019-04-05 reporter This script is Copyright (C) 2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/123767 title Fedora 28 : fuse (2019-fd54b80806) NASL family SuSE Local Security Checks NASL id OPENSUSE-2018-1228.NASL description This update for fuse fixes the following issues : - CVE-2018-10906: fusermount was vulnerable to a restriction bypass when SELinux is active. This allowed non-root users to mount a FUSE file system with the last seen 2020-06-05 modified 2018-10-24 plugin id 118343 published 2018-10-24 reporter This script is Copyright (C) 2018-2020 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/118343 title openSUSE Security Update : fuse (openSUSE-2018-1228) NASL family SuSE Local Security Checks NASL id SUSE_SU-2019-13948-1.NASL description This update for fuse fixes the following issues : Security issue fixed : CVE-2018-10906: Fix a bypass of the user_allow_other restriction (bsc#1101797) Note that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues. last seen 2020-06-01 modified 2020-06-02 plugin id 122094 published 2019-02-11 reporter This script is Copyright (C) 2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/122094 title SUSE SLES11 Security Update : fuse (SUSE-SU-2019:13948-1) NASL family Huawei Local Security Checks NASL id EULEROS_SA-2019-1442.NASL description According to the version of the fuse packages installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerability : - A vulnerability was discovered in fuse. When SELinux is active, fusermount is vulnerable to a restriction bypass. This allows non-root users to mount a FUSE file system with the last seen 2020-06-01 modified 2020-06-02 plugin id 124945 published 2019-05-14 reporter This script is Copyright (C) 2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/124945 title EulerOS Virtualization 3.0.1.0 : fuse (EulerOS-SA-2019-1442) NASL family Debian Local Security Checks NASL id DEBIAN_DSA-4257.NASL description Jann Horn discovered that FUSE, a Filesystem in USErspace, allows the bypass of the last seen 2020-06-01 modified 2020-06-02 plugin id 111395 published 2018-07-30 reporter This script is Copyright (C) 2018-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/111395 title Debian DSA-4257-1 : fuse - security update NASL family Huawei Local Security Checks NASL id EULEROS_SA-2018-1387.NASL description According to the version of the fuse packages installed, the EulerOS installation on the remote host is affected by the following vulnerability : - fuse: bypass of the last seen 2020-05-06 modified 2018-12-10 plugin id 119515 published 2018-12-10 reporter This script is Copyright (C) 2018-2020 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/119515 title EulerOS 2.0 SP3 : fuse (EulerOS-SA-2018-1387) NASL family Huawei Local Security Checks NASL id EULEROS_SA-2019-1186.NASL description According to the version of the fuse packages installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerability : - A vulnerability was discovered in fuse. When SELinux is active, fusermount is vulnerable to a restriction bypass. This allows non-root users to mount a FUSE file system with the last seen 2020-03-19 modified 2019-04-09 plugin id 123872 published 2019-04-09 reporter This script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/123872 title EulerOS Virtualization 2.5.3 : fuse (EulerOS-SA-2019-1186) NASL family PhotonOS Local Security Checks NASL id PHOTONOS_PHSA-2019-2_0-0177_FUSE.NASL description An update of the fuse package has been released. last seen 2020-06-01 modified 2020-06-02 plugin id 129690 published 2019-10-07 reporter This script is Copyright (C) 2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/129690 title Photon OS 2.0: Fuse PHSA-2019-2.0-0177 NASL family SuSE Local Security Checks NASL id OPENSUSE-2018-1225.NASL description This update for fuse fixes the following security issue : - CVE-2018-10906: fusermount was vulnerable to a restriction bypass when SELinux is active. This allowed non-root users to mount a FUSE file system with the last seen 2020-06-05 modified 2018-10-24 plugin id 118340 published 2018-10-24 reporter This script is Copyright (C) 2018-2020 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/118340 title openSUSE Security Update : fuse (openSUSE-2018-1225) NASL family Amazon Linux Local Security Checks NASL id AL2_ALAS-2018-1123.NASL description A vulnerability was discovered in fuse. When SELinux is active, fusermount is vulnerable to a restriction bypass. This allows non-root users to mount a FUSE file system with the last seen 2020-06-01 modified 2020-06-02 plugin id 119506 published 2018-12-10 reporter This script is Copyright (C) 2018-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/119506 title Amazon Linux 2 : fuse (ALAS-2018-1123) NASL family SuSE Local Security Checks NASL id OPENSUSE-2019-823.NASL description This update for fuse fixes the following issues : - CVE-2018-10906: fusermount was vulnerable to a restriction bypass when SELinux is active. This allowed non-root users to mount a FUSE file system with the last seen 2020-06-01 modified 2020-06-02 plugin id 123347 published 2019-03-27 reporter This script is Copyright (C) 2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/123347 title openSUSE Security Update : fuse (openSUSE-2019-823) NASL family CentOS Local Security Checks NASL id CENTOS_RHSA-2018-3324.NASL description An update for fuse is now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. The fuse packages contain the File System in Userspace (FUSE) tools to mount a FUSE file system. With FUSE, it is possible to implement a fully functional file system in a user-space program. Security Fix(es) : * fuse: bypass of the last seen 2020-06-01 modified 2020-06-02 plugin id 119003 published 2018-11-16 reporter This script is Copyright (C) 2018-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/119003 title CentOS 7 : fuse (CESA-2018:3324) NASL family Red Hat Local Security Checks NASL id REDHAT-RHSA-2018-3324.NASL description An update for fuse is now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. The fuse packages contain the File System in Userspace (FUSE) tools to mount a FUSE file system. With FUSE, it is possible to implement a fully functional file system in a user-space program. Security Fix(es) : * fuse: bypass of the last seen 2020-06-01 modified 2020-06-02 plugin id 118540 published 2018-10-31 reporter This script is Copyright (C) 2018-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/118540 title RHEL 7 : fuse (RHSA-2018:3324) NASL family Huawei Local Security Checks NASL id EULEROS_SA-2018-1409.NASL description According to the version of the fuse packages installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerability : - In fuse before versions 2.9.8 and 3.x before 3.2.5, fusermount is vulnerable to a restriction bypass when SELinux is active. This allows non-root users to mount a FUSE file system with the last seen 2020-06-01 modified 2020-06-02 plugin id 119898 published 2018-12-28 reporter This script is Copyright (C) 2018-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/119898 title EulerOS Virtualization 2.5.2 : fuse (EulerOS-SA-2018-1409) NASL family NewStart CGSL Local Security Checks NASL id NEWSTART_CGSL_NS-SA-2019-0073_FUSE.NASL description The remote NewStart CGSL host, running version CORE 5.04 / MAIN 5.04, has fuse packages installed that are affected by a vulnerability: - A vulnerability was discovered in fuse. When SELinux is active, fusermount is vulnerable to a restriction bypass. This allows non-root users to mount a FUSE file system with the last seen 2020-06-01 modified 2020-06-02 plugin id 127278 published 2019-08-12 reporter This script is Copyright (C) 2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/127278 title NewStart CGSL CORE 5.04 / MAIN 5.04 : fuse Vulnerability (NS-SA-2019-0073) NASL family Scientific Linux Local Security Checks NASL id SL_20181030_FUSE_ON_SL7_X.NASL description Security Fix(es) : - fuse: bypass of the last seen 2020-03-18 modified 2018-11-27 plugin id 119181 published 2018-11-27 reporter This script is Copyright (C) 2018-2020 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/119181 title Scientific Linux Security Update : fuse on SL7.x x86_64 (20181030) NASL family SuSE Local Security Checks NASL id SUSE_SU-2018-3219-1.NASL description This update for fuse fixes the following security issue : CVE-2018-10906: fusermount was vulnerable to a restriction bypass when SELinux is active. This allowed non-root users to mount a FUSE file system with the last seen 2020-06-01 modified 2020-06-02 plugin id 118222 published 2018-10-19 reporter This script is Copyright (C) 2018-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/118222 title SUSE SLED12 / SLES12 Security Update : fuse (SUSE-SU-2018:3219-1) NASL family Fedora Local Security Checks NASL id FEDORA_2019-DD00364B71.NASL description Update fuse to 2.9.9, fuse3 to 3.4.2. Also fixes CVE-2018-10906, and adds missing fusermount.1 man page. Note that Tenable Network Security has extracted the preceding description block directly from the Fedora update system website. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues. last seen 2020-06-01 modified 2020-06-02 plugin id 124545 published 2019-05-02 reporter This script is Copyright (C) 2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/124545 title Fedora 30 : fuse (2019-dd00364b71) NASL family Amazon Linux Local Security Checks NASL id ALA_ALAS-2018-1123.NASL description A vulnerability was discovered in fuse. When SELinux is active, fusermount is vulnerable to a restriction bypass. This allows non-root users to mount a FUSE file system with the last seen 2020-06-01 modified 2020-06-02 plugin id 124199 published 2019-04-22 reporter This script is Copyright (C) 2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/124199 title Amazon Linux AMI : fuse (ALAS-2018-1123) NASL family Huawei Local Security Checks NASL id EULEROS_SA-2019-1382.NASL description According to the version of the fuse packages installed, the EulerOS Virtualization for ARM 64 installation on the remote host is affected by the following vulnerability : - A vulnerability was discovered in fuse. When SELinux is active, fusermount 1is vulnerable to a restriction bypass. This allows non-root users to mount a FUSE file system with the last seen 2020-06-01 modified 2020-06-02 plugin id 124885 published 2019-05-14 reporter This script is Copyright (C) 2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/124885 title EulerOS Virtualization for ARM 64 3.0.1.0 : fuse (EulerOS-SA-2019-1382) NASL family Huawei Local Security Checks NASL id EULEROS_SA-2019-1048.NASL description According to the version of the fuse packages installed, the EulerOS installation on the remote host is affected by the following vulnerability : - fuse: bypass of the last seen 2020-05-06 modified 2019-02-22 plugin id 122375 published 2019-02-22 reporter This script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/122375 title EulerOS 2.0 SP2 : fuse (EulerOS-SA-2019-1048) NASL family Fedora Local Security Checks NASL id FEDORA_2019-31722B8F33.NASL description Update fuse to 2.9.9, fuse3 to 3.4.2. Also fixes CVE-2018-10906, and adds missing fusermount.1 man page. Note that Tenable Network Security has extracted the preceding description block directly from the Fedora update system website. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues. last seen 2020-06-01 modified 2020-06-02 plugin id 123535 published 2019-04-01 reporter This script is Copyright (C) 2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/123535 title Fedora 29 : fuse (2019-31722b8f33)
Packetstorm
| data source | https://packetstormsecurity.com/files/download/148749/GS20180730174043.txt |
| id | PACKETSTORM:148749 |
| last seen | 2018-07-31 |
| published | 2018-07-30 |
| reporter | Jann Horn |
| source | https://packetstormsecurity.com/files/148749/fusermount-Restriction-Bypass.html |
| title | fusermount Restriction Bypass |
Redhat
| advisories |
| ||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
| rpms |
|
References
- https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-10906
- https://www.debian.org/security/2018/dsa-4257
- https://www.exploit-db.com/exploits/45106/
- https://lists.debian.org/debian-lts-announce/2018/08/msg00015.html
- https://access.redhat.com/errata/RHSA-2018:3324
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/BREAIWIK64DRJWHIGR47L2D5YICY4HQ3/
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/5XYA6PXT5PPWVK7CM7K4YRCYWA37DODB/
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/A253TZWZK6R7PT2S5JIEAQJR2TYKX7V2/