In fuse before versions 2.9.8 and 3.x before 3.2.5, fusermount is vulnerable to a restriction bypass when SELinux is active. This allows non-root users to mount a FUSE file system with the 'allow_other' mount option regardless of whether 'user_allow_other' is set in the fuse configuration. An attacker may use this flaw to mount a FUSE file system, accessible by other users, and trick them into accessing files on that file system, possibly causing Denial of Service or other unspecified effects.
The product does not perform or incorrectly performs an authorization check when an actor attempts to access a resource or perform an action.
The product does not properly assign, modify, track, or check privileges for an actor, creating an unintended sphere of control for that actor.
| Link | Tags |
|---|---|
| https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-10906 | patch third party advisory issue tracking |
| https://lists.debian.org/debian-lts-announce/2018/08/msg00015.html | third party advisory mailing list |
| https://www.debian.org/security/2018/dsa-4257 | third party advisory vendor advisory |
| https://www.exploit-db.com/exploits/45106/ | third party advisory vdb entry exploit |
| https://access.redhat.com/errata/RHSA-2018:3324 | third party advisory vendor advisory |
| https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/BREAIWIK64DRJWHIGR47L2D5YICY4HQ3/ | vendor advisory |
| https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/5XYA6PXT5PPWVK7CM7K4YRCYWA37DODB/ | vendor advisory |
| https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/A253TZWZK6R7PT2S5JIEAQJR2TYKX7V2/ | vendor advisory |