CVE-2010-3879

NONE
Published Jan 22, 201115y ago · Modified Jun 16, 20262w ago
Find Similar
Published Jan 22, 2011 15y ago
Last Modified Jun 16, 2026 2w ago

Description

FUSE, possibly 2.8.5 and earlier, allows local users to create mtab entries with arbitrary pathnames, and consequently unmount any filesystem, via a symlink attack on the parent directory of the mountpoint of a FUSE filesystem, a different vulnerability than CVE-2010-0789.

Threat Intelligence

No active exploitation signals — not in CISA KEV and no EPSS score yet.

Exploit & Patch Status
Public Exploit Known
Patch Available

Weaknesses 1

CWE-59

Affected Products 1

VendorProductVersionRange
libfuse_projectlibfuse* ≤2.8.5

References 20

  • bugs.debian.org http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=602333
    ExploitPatchThird Party Advisory
  • lists.fedoraproject.org http://lists.fedoraproject.org/pipermail/package-announce/2011-February/053792.html
    Third Party Advisory
  • lists.grok.org.uk http://lists.grok.org.uk/pipermail/full-disclosure/2010-November/077247.html
    ExploitThird Party Advisory
  • lists.opensuse.org http://lists.opensuse.org/opensuse-security-announce/2011-04/msg00000.html
    Third Party Advisory
  • openwall.com http://openwall.com/lists/oss-security/2010/11/04/8
    ExploitMailing ListThird Party Advisory
  • openwall.com http://openwall.com/lists/oss-security/2010/11/05/2
    ExploitMailing ListThird Party Advisory
  • osvdb.org http://osvdb.org/70520
    Broken Link
  • secunia.com http://secunia.com/advisories/42961
    Third Party Advisory
  • secunia.com http://secunia.com/advisories/42965
    Third Party Advisory
  • halfdog.net http://www.halfdog.net/Security/FuseTimerace/
    ExploitPatchThird Party Advisory
  • mandriva.com http://www.mandriva.com/security/advisories?name=MDVSA-2013:155
    Third Party Advisory
  • securityfocus.com http://www.securityfocus.com/bid/44623
    ExploitThird Party AdvisoryVDB Entry
  • ubuntu.com http://www.ubuntu.com/usn/USN-1045-1
    Third Party Advisory
  • ubuntu.com http://www.ubuntu.com/usn/USN-1045-2
    Third Party Advisory
  • vupen.com http://www.vupen.com/english/advisories/2011/0181
    Permissions Required
  • vupen.com http://www.vupen.com/english/advisories/2011/0302
    Permissions Required
  • bugs.launchpad.net https://bugs.launchpad.net/bugs/670622
    ExploitThird Party Advisory
  • bugzilla.novell.com https://bugzilla.novell.com/show_bug.cgi?id=651598
    ExploitIssue Tracking
  • bugzilla.redhat.com https://bugzilla.redhat.com/show_bug.cgi?id=651183
    ExploitIssue TrackingPatch
  • exchange.xforce.ibmcloud.com https://exchange.xforce.ibmcloud.com/vulnerabilities/62986
    Third Party AdvisoryVDB Entry

Remediation

  • bugs.debian.org http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=602333
    ExploitPatchThird Party Advisory
  • halfdog.net http://www.halfdog.net/Security/FuseTimerace/
    ExploitPatchThird Party Advisory
  • bugzilla.redhat.com https://bugzilla.redhat.com/show_bug.cgi?id=651183
    ExploitIssue TrackingPatch