CVE-2010-3879

Common Vulnerabilities and Exposures

Upstream information

CVE-2010-3879 at MITRE

Description

FUSE, possibly 2.8.5 and earlier, allows local users to create mtab entries with arbitrary pathnames, and consequently unmount any filesystem, via a symlink attack on the parent directory of the mountpoint of a FUSE filesystem, a different vulnerability than CVE-2010-0789.

NVD CVSS v2 Base Score: 5.8 (AV:N/AC:M/Au:N/C:N/I:P/A:P)

Novell/SUSE information

Novell Bugzilla entries: 651598, 668820, 685055

SUSE Security Advisories:

SUSE-SR:2011:005, published Fri, 01 Apr 2011 13:00:00 +0000
openSUSE-SU-2011:0264-1, published Thu, 31 Mar 2011 17:08:24 +0200 (CEST)
openSUSE-SU-2011:0265-1, published Thu, 31 Mar 2011 17:08:30 +0200 (CEST)

List of released packages

Product(s)	Fixed package version(s)	References
openSUSE 11.2	`fuse-debuginfo >= 2.7.4-3.8.1` `fuse-debugsource >= 2.7.4-3.8.1` `libblkid1-debuginfo >= 2.16-4.6.1` `libblkid1-debuginfo-32bit >= 2.16-4.6.1` `libfuse2-debuginfo >= 2.7.4-3.8.1` `libfuse2-debuginfo-32bit >= 2.7.4-3.8.1` `libuuid1-debuginfo >= 2.16-4.6.1` `libuuid1-debuginfo-32bit >= 2.16-4.6.1` `util-linux-debuginfo >= 2.16-4.6.1` `util-linux-debugsource >= 2.16-4.6.1` `uuidd-debuginfo >= 2.16-4.6.1`
openSUSE 11.2	`fuse >= 2.7.4-3.8.1` `fuse-devel >= 2.7.4-3.8.1` `fuse-devel-static >= 2.7.4-3.8.1` `libblkid-devel >= 2.16-4.6.1` `libblkid-devel-32bit >= 2.16-4.6.1` `libblkid1 >= 2.16-4.6.1` `libblkid1-32bit >= 2.16-4.6.1` `libfuse2 >= 2.7.4-3.8.1` `libfuse2-32bit >= 2.7.4-3.8.1` `libuuid-devel >= 2.16-4.6.1` `libuuid-devel-32bit >= 2.16-4.6.1` `libuuid1 >= 2.16-4.6.1` `libuuid1-32bit >= 2.16-4.6.1` `util-linux >= 2.16-4.6.1` `util-linux-lang >= 2.16-4.6.1` `uuidd >= 2.16-4.6.1`
SLE 11 SP1 DEBUGINFO	`fuse-debuginfo >= 2.7.2-61.23.1` `fuse-debugsource >= 2.7.2-61.23.1` `util-linux-debuginfo >= 2.16-6.11.1` `util-linux-debugsource >= 2.16-6.11.1`	sles11-sp1.ia64 sle11-sp1-sdk.s390x sles11-sp1.x86 sles11-sp1.x86-64 sle11-sp1-sdk.x86 sle11-sp1-sdk.ia64 sle11-sp1-sdk.ppc sles11-sp1-vmware.x86-64 sled11-sp1.x86-64 sles11-sp1.s390x sle11-sp1-sdk.x86-64 sles11-sp1-vmware.x86 sles11-sp1.ppc sled11-sp1.x86 SAT Patch Nr: 4095
SUSE Linux Enterprise Software Development Kit 11 SP1	`fuse-devel >= 2.7.2-61.23.1` `libblkid-devel >= 2.16-6.11.1` `libuuid-devel >= 2.16-6.11.1`	sles11-sp1.ia64 sle11-sp1-sdk.s390x sles11-sp1.x86 sles11-sp1.x86-64 sle11-sp1-sdk.x86 sle11-sp1-sdk.ia64 sle11-sp1-sdk.ppc sles11-sp1-vmware.x86-64 sled11-sp1.x86-64 sles11-sp1.s390x sle11-sp1-sdk.x86-64 sles11-sp1-vmware.x86 sles11-sp1.ppc sled11-sp1.x86 SAT Patch Nr: 4095
SUSE Linux Enterprise Software Development Kit 11 SP1	`fuse-devel >= 2.7.2-61.23.1` `libblkid-devel >= 2.16-6.11.1` `libblkid1-x86 >= 2.16-6.11.1` `libuuid-devel >= 2.16-6.11.1`	sles11-sp1.ia64 sle11-sp1-sdk.s390x sles11-sp1.x86 sles11-sp1.x86-64 sle11-sp1-sdk.x86 sle11-sp1-sdk.ia64 sle11-sp1-sdk.ppc sles11-sp1-vmware.x86-64 sled11-sp1.x86-64 sles11-sp1.s390x sle11-sp1-sdk.x86-64 sles11-sp1-vmware.x86 sles11-sp1.ppc sled11-sp1.x86 SAT Patch Nr: 4095
SUSE Linux Enterprise Software Development Kit 11 SP1	`fuse-devel >= 2.7.2-61.23.1` `libblkid-devel >= 2.16-6.11.1` `libblkid-devel-32bit >= 2.16-6.11.1` `libblkid1-32bit >= 2.16-6.11.1` `libuuid-devel >= 2.16-6.11.1` `libuuid-devel-32bit >= 2.16-6.11.1`	sles11-sp1.ia64 sle11-sp1-sdk.s390x sles11-sp1.x86 sles11-sp1.x86-64 sle11-sp1-sdk.x86 sle11-sp1-sdk.ia64 sle11-sp1-sdk.ppc sles11-sp1-vmware.x86-64 sled11-sp1.x86-64 sles11-sp1.s390x sle11-sp1-sdk.x86-64 sles11-sp1-vmware.x86 sles11-sp1.ppc sled11-sp1.x86 SAT Patch Nr: 4095
SUSE Linux Enterprise Desktop 11 SP1	`fuse >= 2.7.2-61.23.1` `libblkid1 >= 2.16-6.11.1` `libfuse2 >= 2.7.2-61.23.1` `libuuid-devel >= 2.16-6.11.1` `libuuid1 >= 2.16-6.11.1` `util-linux >= 2.16-6.11.1` `util-linux-lang >= 2.16-6.11.1` `uuid-runtime >= 2.16-6.11.1`	sles11-sp1.ia64 sle11-sp1-sdk.s390x sles11-sp1.x86 sles11-sp1.x86-64 sle11-sp1-sdk.x86 sle11-sp1-sdk.ia64 sle11-sp1-sdk.ppc sles11-sp1-vmware.x86-64 sled11-sp1.x86-64 sles11-sp1.s390x sle11-sp1-sdk.x86-64 sles11-sp1-vmware.x86 sles11-sp1.ppc sled11-sp1.x86 SAT Patch Nr: 4095
SUSE Linux Enterprise Desktop 11 SP1	`fuse >= 2.7.2-61.23.1` `libblkid1 >= 2.16-6.11.1` `libfuse2 >= 2.7.2-61.23.1` `libuuid-devel >= 2.16-6.11.1` `libuuid1 >= 2.16-6.11.1` `libuuid1-32bit >= 2.16-6.11.1` `util-linux >= 2.16-6.11.1` `util-linux-lang >= 2.16-6.11.1` `uuid-runtime >= 2.16-6.11.1`	sles11-sp1.ia64 sle11-sp1-sdk.s390x sles11-sp1.x86 sles11-sp1.x86-64 sle11-sp1-sdk.x86 sle11-sp1-sdk.ia64 sle11-sp1-sdk.ppc sles11-sp1-vmware.x86-64 sled11-sp1.x86-64 sles11-sp1.s390x sle11-sp1-sdk.x86-64 sles11-sp1-vmware.x86 sles11-sp1.ppc sled11-sp1.x86 SAT Patch Nr: 4095
SUSE Linux Enterprise Server 11 SP1 SUSE Linux Enterprise Server 11 SP1 for VMware	`fuse >= 2.7.2-61.23.1` `libblkid1 >= 2.16-6.11.1` `libfuse2 >= 2.7.2-61.23.1` `libuuid1 >= 2.16-6.11.1` `util-linux >= 2.16-6.11.1` `util-linux-lang >= 2.16-6.11.1` `uuid-runtime >= 2.16-6.11.1`	sles11-sp1.ia64 sle11-sp1-sdk.s390x sles11-sp1.x86 sles11-sp1.x86-64 sle11-sp1-sdk.x86 sle11-sp1-sdk.ia64 sle11-sp1-sdk.ppc sles11-sp1-vmware.x86-64 sled11-sp1.x86-64 sles11-sp1.s390x sle11-sp1-sdk.x86-64 sles11-sp1-vmware.x86 sles11-sp1.ppc sled11-sp1.x86 SAT Patch Nr: 4095
SUSE Linux Enterprise Server 11 SP1	`fuse >= 2.7.2-61.23.1` `libblkid1 >= 2.16-6.11.1` `libfuse2 >= 2.7.2-61.23.1` `libuuid1 >= 2.16-6.11.1` `libuuid1-x86 >= 2.16-6.11.1` `util-linux >= 2.16-6.11.1` `util-linux-lang >= 2.16-6.11.1` `uuid-runtime >= 2.16-6.11.1`	sles11-sp1.ia64 sle11-sp1-sdk.s390x sles11-sp1.x86 sles11-sp1.x86-64 sle11-sp1-sdk.x86 sle11-sp1-sdk.ia64 sle11-sp1-sdk.ppc sles11-sp1-vmware.x86-64 sled11-sp1.x86-64 sles11-sp1.s390x sle11-sp1-sdk.x86-64 sles11-sp1-vmware.x86 sles11-sp1.ppc sled11-sp1.x86 SAT Patch Nr: 4095
SUSE Linux Enterprise Server 11 SP1 SUSE Linux Enterprise Server 11 SP1 for VMware	`fuse >= 2.7.2-61.23.1` `libblkid1 >= 2.16-6.11.1` `libfuse2 >= 2.7.2-61.23.1` `libuuid1 >= 2.16-6.11.1` `libuuid1-32bit >= 2.16-6.11.1` `util-linux >= 2.16-6.11.1` `util-linux-lang >= 2.16-6.11.1` `uuid-runtime >= 2.16-6.11.1`	sles11-sp1.ia64 sle11-sp1-sdk.s390x sles11-sp1.x86 sles11-sp1.x86-64 sle11-sp1-sdk.x86 sle11-sp1-sdk.ia64 sle11-sp1-sdk.ppc sles11-sp1-vmware.x86-64 sled11-sp1.x86-64 sles11-sp1.s390x sle11-sp1-sdk.x86-64 sles11-sp1-vmware.x86 sles11-sp1.ppc sled11-sp1.x86 SAT Patch Nr: 4095
openSUSE 11.3	`fuse-debuginfo >= 2.8.5-2.7.1` `fuse-debugsource >= 2.8.5-2.7.1` `libblkid1-debuginfo >= 2.17.2-6.3.1` `libblkid1-debuginfo-32bit >= 2.17.2-6.3.1` `libfuse2-debuginfo >= 2.8.5-2.7.1` `libfuse2-debuginfo-32bit >= 2.8.5-2.7.1` `libuuid1-debuginfo >= 2.17.2-6.3.1` `libuuid1-debuginfo-32bit >= 2.17.2-6.3.1` `util-linux-debuginfo >= 2.17.2-6.3.1` `util-linux-debugsource >= 2.17.2-6.3.1` `uuidd-debuginfo >= 2.17.2-6.3.1`
openSUSE 11.3	`fuse >= 2.8.5-2.7.1` `fuse-devel >= 2.8.5-2.7.1` `fuse-devel-static >= 2.8.5-2.7.1` `libblkid-devel >= 2.17.2-6.3.1` `libblkid-devel-32bit >= 2.17.2-6.3.1` `libblkid1 >= 2.17.2-6.3.1` `libblkid1-32bit >= 2.17.2-6.3.1` `libfuse2 >= 2.8.5-2.7.1` `libfuse2-32bit >= 2.8.5-2.7.1` `libuuid-devel >= 2.17.2-6.3.1` `libuuid-devel-32bit >= 2.17.2-6.3.1` `libuuid1 >= 2.17.2-6.3.1` `libuuid1-32bit >= 2.17.2-6.3.1` `util-linux >= 2.17.2-6.3.1` `util-linux-lang >= 2.17.2-6.3.1` `uuidd >= 2.17.2-6.3.1`
SUSE Linux Enterprise Desktop 10 SP3 for AMD64 and Intel EM64T SUSE Linux Enterprise Desktop 10 SP3 for x86	`fuse >= 2.7.2-15.10.11.1` `fuse-devel >= 2.7.2-15.10.11.1` `libfuse2 >= 2.7.2-15.10.11.1` `util-linux >= 2.12r-35.41.43.7`	sles10-sp3.ppc sles10-sp3.x86 sle10-sp3-sdk.x86-64 sles10-sp3.ia64 sled10-sp3.x86 sle10-sp3-sdk.ia64 sles10-sp3.x86-64 sles10-sp3-debuginfo.ia64 sles10-sp3-debuginfo.x86 sle10-sp3-sdk.x86 sle10-sp3-sdk.s390x sles10-sp3-debuginfo.x86-64 sles10-sp3-debuginfo.ppc sles10-sp3-debuginfo.s390x sled10-sp3.x86-64 sle10-sp3-sdk.ppc sles10-sp3.s390x ZYPP Patch Nr: 7362
SUSE Linux Enterprise Server 10 SP3 DEBUGINFO	`util-linux-debuginfo >= 2.12r-35.41.43.7`	sles10-sp3.ppc sles10-sp3.x86 sle10-sp3-sdk.x86-64 sles10-sp3.ia64 sled10-sp3.x86 sle10-sp3-sdk.ia64 sles10-sp3.x86-64 sles10-sp3-debuginfo.ia64 sles10-sp3-debuginfo.x86 sle10-sp3-sdk.x86 sle10-sp3-sdk.s390x sles10-sp3-debuginfo.x86-64 sles10-sp3-debuginfo.ppc sles10-sp3-debuginfo.s390x sled10-sp3.x86-64 sle10-sp3-sdk.ppc sles10-sp3.s390x ZYPP Patch Nr: 7362
SUSE Linux Enterprise SDK 10 SP3	`fuse >= 2.7.2-15.10.11.1` `fuse-devel >= 2.7.2-15.10.11.1` `libfuse2 >= 2.7.2-15.10.11.1`	sles10-sp3.ppc sles10-sp3.x86 sle10-sp3-sdk.x86-64 sles10-sp3.ia64 sled10-sp3.x86 sle10-sp3-sdk.ia64 sles10-sp3.x86-64 sles10-sp3-debuginfo.ia64 sles10-sp3-debuginfo.x86 sle10-sp3-sdk.x86 sle10-sp3-sdk.s390x sles10-sp3-debuginfo.x86-64 sles10-sp3-debuginfo.ppc sles10-sp3-debuginfo.s390x sled10-sp3.x86-64 sle10-sp3-sdk.ppc sles10-sp3.s390x ZYPP Patch Nr: 7362
SUSE Linux Enterprise SDK 10 SP3 SUSE Linux Enterprise Server 10 SP3 SUSE Linux Enterprise Server for SAP 10 SP3	`util-linux >= 2.12r-35.41.43.7`	sles10-sp3.ppc sles10-sp3.x86 sle10-sp3-sdk.x86-64 sles10-sp3.ia64 sled10-sp3.x86 sle10-sp3-sdk.ia64 sles10-sp3.x86-64 sles10-sp3-debuginfo.ia64 sles10-sp3-debuginfo.x86 sle10-sp3-sdk.x86 sle10-sp3-sdk.s390x sles10-sp3-debuginfo.x86-64 sles10-sp3-debuginfo.ppc sles10-sp3-debuginfo.s390x sled10-sp3.x86-64 sle10-sp3-sdk.ppc sles10-sp3.s390x ZYPP Patch Nr: 7362
SLE SDK 10 SP4 for IBM iSeries and IBM pSeries SLE SDK 10 SP4 for IBM zSeries SLE SDK 10 SP4 for IPF SLE SDK 10 SP4 for X86-64 SLE SDK 10 SP4 for x86 SUSE Linux Enterprise Desktop 10 SP4 for AMD64 and Intel EM64T SUSE Linux Enterprise Desktop 10 SP4 for x86	`fuse >= 2.7.2-15.10.11.10` `fuse-devel >= 2.7.2-15.10.11.10` `libfuse2 >= 2.7.2-15.10.11.10`	sle10-sp4-sdk.x86 sle10-sp4-sdk.ia64 sle10-sp4-sdk.x86-64 sled10-sp4.x86 sle10-sp4-sdk.ppc sle10-sp4-sdk.s390x sled10-sp4.x86-64 ZYPP Patch Nr: 7418

Products

Products By Category

Collaboration

Endpoint Management

File & Networking Services

Services & Support

Help Yourself

Let Us Help

Download

IT Consulting

Technical Training

Customer Center

Contribute

Partners

Partner With Novell

PartnerNet

Find a Partner

Developers

Communities

About Novell

How to Buy