CVE-2010-3879
NONE
Published Jan 22, 201115y ago · Modified Jun 16, 20262w ago
Published Jan 22, 2011 15y ago
Last Modified Jun 16, 2026 2w ago
Description
FUSE, possibly 2.8.5 and earlier, allows local users to create mtab entries with arbitrary pathnames, and consequently unmount any filesystem, via a symlink attack on the parent directory of the mountpoint of a FUSE filesystem, a different vulnerability than CVE-2010-0789.
Threat Intelligence
No active exploitation signals — not in CISA KEV and no EPSS score yet.
Exploit & Patch Status
Public Exploit Known
Patch Available
Weaknesses 1
CWE-59
Affected Products 1
| Vendor | Product | Version | Range |
|---|---|---|---|
| libfuse_project | libfuse | * | ≤2.8.5 |
References 20
- bugs.debian.org http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=602333
- lists.fedoraproject.org http://lists.fedoraproject.org/pipermail/package-announce/2011-February/053792.html
- lists.grok.org.uk http://lists.grok.org.uk/pipermail/full-disclosure/2010-November/077247.html
- lists.opensuse.org http://lists.opensuse.org/opensuse-security-announce/2011-04/msg00000.html
- openwall.com http://openwall.com/lists/oss-security/2010/11/04/8
- openwall.com http://openwall.com/lists/oss-security/2010/11/05/2
- osvdb.org http://osvdb.org/70520
- secunia.com http://secunia.com/advisories/42961
- secunia.com http://secunia.com/advisories/42965
- halfdog.net http://www.halfdog.net/Security/FuseTimerace/
- mandriva.com http://www.mandriva.com/security/advisories?name=MDVSA-2013:155
- securityfocus.com http://www.securityfocus.com/bid/44623
- ubuntu.com http://www.ubuntu.com/usn/USN-1045-1
- ubuntu.com http://www.ubuntu.com/usn/USN-1045-2
- vupen.com http://www.vupen.com/english/advisories/2011/0181
- vupen.com http://www.vupen.com/english/advisories/2011/0302
- bugs.launchpad.net https://bugs.launchpad.net/bugs/670622
- bugzilla.novell.com https://bugzilla.novell.com/show_bug.cgi?id=651598
- bugzilla.redhat.com https://bugzilla.redhat.com/show_bug.cgi?id=651183
- exchange.xforce.ibmcloud.com https://exchange.xforce.ibmcloud.com/vulnerabilities/62986
Remediation
- bugs.debian.org http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=602333
- halfdog.net http://www.halfdog.net/Security/FuseTimerace/
- bugzilla.redhat.com https://bugzilla.redhat.com/show_bug.cgi?id=651183