CVE-2018-10906
Description
In fuse before versions 2.9.8 and 3.x before 3.2.5, fusermount is vulnerable to a restriction bypass when SELinux is active. This allows non-root users to mount a FUSE file system with the allow_other mount option regardless of whether user_allow_other is set in the fuse configuration. An attacker may use this flaw to mount a FUSE file system, accessible by other users, and trick them into accessing files on that file system, possibly causing Denial of Service or other unspecified effects.
Risk Information
Base Score
7.8
MODERATE
Vector
CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
EPSS Score
Exploitation Probability
0.054
Associated Vulnerability
| Vulnerability | OS Platform |
|---|---|
| fuse security update(DSA-4257-1) fuse_2.9.7-1+deb9u1_i386.deb | Linux |
| fuse security update(DSA-4257-1) fuse_2.9.7-1+deb9u1_amd64.deb | Linux |
| SUSE-SU-2018:3219-1(SUSE Linux Enterprise Desktop 12-SP3 ) fuse-2.9.3-6.3.1.x86_64.rpm | Linux |
| SUSE-SU-2018:3219-1(SUSE Linux Enterprise Desktop 12-SP3 ) fuse-debuginfo-2.9.3-6.3.1.x86_64.rpm | Linux |
| SUSE-SU-2018:3219-1(SUSE Linux Enterprise Desktop 12-SP3 ) fuse-debugsource-2.9.3-6.3.1.x86_64.rpm | Linux |
| SUSE-SU-2018:3219-1(SUSE Linux Enterprise Desktop 12-SP3 ) libfuse2-2.9.3-6.3.1.x86_64.rpm | Linux |
| SUSE-SU-2018:3219-1(SUSE Linux Enterprise Desktop 12-SP3 ) libfuse2-debuginfo-2.9.3-6.3.1.x86_64.rpm | Linux |
| SUSE-SU-2019:13948-1(SUSE Linux Enterprise Server 11-SP4 ) fuse-2.8.7-0.11.3.1.i586.rpm | Linux |
| SUSE-SU-2019:13948-1(SUSE Linux Enterprise Server 11-SP4 ) fuse-2.8.7-0.11.3.1.x86_64.rpm | Linux |
| SUSE-SU-2019:13948-1(SUSE Linux Enterprise Server 11-SP4 ) libfuse2-2.8.7-0.11.3.1.i586.rpm | Linux |
| SUSE-SU-2019:13948-1(SUSE Linux Enterprise Server 11-SP4 ) libfuse2-2.8.7-0.11.3.1.x86_64.rpm | Linux |
| (RHSA-2018:3324)Moderate: security update fuse-debuginfo-2.9.2-11.el7.i686.rpm | Linux |
| (RHSA-2018:3324)Moderate: security update fuse-debuginfo-2.9.2-11.el7.x86_64.rpm | Linux |
| Fuse update (ELSA-2020-5773) fuse-2.9.4-1.0.7.el7.x86_64.rpm | Linux |
| Fuse-devel update (ELSA-2020-5773) fuse-devel-2.9.4-1.0.7.el7.i686.rpm | Linux |
| Fuse-devel update (ELSA-2020-5773) fuse-devel-2.9.4-1.0.7.el7.x86_64.rpm | Linux |
| Fuse-libs update (ELSA-2020-5773) fuse-libs-2.9.4-1.0.7.el7.i686.rpm | Linux |
| Fuse-libs update (ELSA-2020-5773) fuse-libs-2.9.4-1.0.7.el7.x86_64.rpm | Linux |
| fuse Security Update (ALAS-2018-1123) fuse-2.9.2-11.amzn2.x86_64.rpm | Linux |
| fuse Security Update (ALAS-2018-1123) fuse-libs-2.9.2-11.amzn2.i686.rpm | Linux |
| fuse Security Update (ALAS-2018-1123) fuse-libs-2.9.2-11.amzn2.x86_64.rpm | Linux |
| fuse Security Update (ALAS-2018-1123) fuse-devel-2.9.2-11.amzn2.x86_64.rpm | Linux |
| Improper Privilege Management Vulnerability (CVE-2018-10906) | NCM |
Patch Details
No records foundReferences
https://nvd.nist.gov/vuln/detail/CVE-2023-1234
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-1234