Gentoo Logo

FUSE: mtab corruption through fusermount

Content:

1.  Gentoo Linux Security Advisory

Version Information

Advisory Reference GLSA 200511-17 / FUSE
Release Date November 22, 2005
Latest Revision November 22, 2005: 01
Impact normal
Exploitable local
Package Vulnerable versions Unaffected versions Architecture(s)
sys-fs/fuse < 2.4.1-r1 >= 2.4.1-r1 All supported architectures

Related bugreports: #112902

Synopsis

The fusermount utility from FUSE can be abused to corrupt the /etc/mtab file contents, potentially allowing a local attacker to set unauthorized mount options.

2.  Impact Information

Background

FUSE (Filesystem in Userspace) allows implementation of a fully functional filesystem in a userspace program. The fusermount utility is used to mount/unmount FUSE file systems.

Description

Thomas Biege discovered that fusermount fails to securely handle special characters specified in mount points.

Impact

A local attacker could corrupt the contents of the /etc/mtab file by mounting over a maliciously-named directory using fusermount, potentially allowing the attacker to set unauthorized mount options. This is possible only if fusermount is installed setuid root, which is the default in Gentoo.

3.  Resolution Information

Workaround

There is no known workaround at this time.

Resolution

All FUSE users should upgrade to the latest version:

Code Listing 3.1: Resolution

# emerge --sync
# emerge --ask --oneshot --verbose ">=sys-fs/fuse-2.4.1-r1"

4.  References



Print

Page updated November 22, 2005

Summary: This is a Gentoo Linux Security Advisory

Security Team
Contact Address

Donate to support our development efforts.

Copyright 2001-2014 Gentoo Foundation, Inc. Questions, Comments? Contact us.