First published: Mon Nov 08 2010
It was reported [1],[2] that the fusermount tool was vulnerable to a race condition between mounting a user filesystem and updating mtab using the standard mount command. If a user were able to win the race, the real mount entry and the mtab entry would differ, so that the fuse-mounted filesystem could not be unmounted by an unprivileged user. Crafted mtab entries can then be used to trick fusermount into believing that a certain part of the filesystem is a user-space filesystem, so that it unmounts what should be a privileged filesystem (as demonstrated by unmounting /proc).

According to the SUSE bug report [3], this would affect fuse versions before 2.8.2 or util-linux before 2.17. The report notes the following commits that correct the problem:

Relevant fuse commits:
4c3d9b1957 "Use '--no-canonicalize' option of mount(8)..."
0197ce4041 "Using --no-canonicalize with umount(8) conflicts with..."

and util-linux commits:
45fc569a75 "mount: add --no-canonicalize option"
be9adec40f "mount: disable --no-canonicalize for non-root users"

[1] http://www.halfdog.net/Security/FuseTimerace/
[2] http://seclists.org/fulldisclosure/2010/Nov/15
[3] https://bugzilla.novell.com/show_bug.cgi?id=651598
Affected Software | Affected Version | How to fix |
---|---|---|
FUSE for Ftpfs | <2.8.2 | |
Util-linux | <2.17 | |
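
The report turns on mtab and the kernel's real mount table disagreeing. As an added example (not part of the original report, nor of the fuse or util-linux code), the Python below compares the two views and flags the mismatches described above. It assumes a legacy system where /etc/mtab is a regular file; the sample entries, the user name `alice` and the `fuse.demo` type are constructed for illustration.

```python
import re

# Constructed sample data (not from the advisory): a legacy /etc/mtab file and
# the kernel's own table as /proc/self/mounts would show it.
SAMPLE_MTAB = """\
/dev/sda1 / ext4 rw 0 0
proc /proc proc rw 0 0
demo /proc fuse.demo rw,nosuid,nodev,user=alice 0 0
demo /home/alice/mnt fuse.demo rw,nosuid,nodev,user=alice 0 0
"""
SAMPLE_KERNEL = """\
/dev/sda1 / ext4 rw 0 0
proc /proc proc rw 0 0
demo /home/alice/stuck fuse.demo rw,nosuid,nodev,user_id=1000,group_id=1000 0 0
"""

def parse_mounts(text):
    """Map mountpoint -> fstype; a later line shadows an earlier one."""
    table = {}
    for line in text.splitlines():
        parts = line.split()
        if len(parts) < 3 or parts[0].startswith("#"):
            continue
        # Both files encode space, tab, newline and backslash as \ooo octal.
        mnt = re.sub(r"\\([0-7]{3})", lambda m: chr(int(m.group(1), 8)), parts[1])
        table[mnt] = parts[2]
    return table

def is_user_fuse(fstype):
    # fusectl is the kernel control filesystem, not a user mount.
    return fstype in ("fuse", "fuseblk") or fstype.startswith("fuse.")

def mtab_discrepancies(mtab_text, kernel_text):
    """Return (mountpoint, reason) pairs where mtab and the kernel disagree."""
    mtab, kernel = parse_mounts(mtab_text), parse_mounts(kernel_text)
    findings = []
    for mnt, fstype in mtab.items():
        if mnt not in kernel:
            findings.append((mnt, "in mtab, not mounted in kernel"))
        elif is_user_fuse(fstype) and not is_user_fuse(kernel[mnt]):
            findings.append((mnt, f"mtab says {fstype}, kernel says {kernel[mnt]}"))
    for mnt, fstype in kernel.items():
        if is_user_fuse(fstype) and mnt not in mtab:
            findings.append((mnt, "fuse mount in kernel, missing from mtab"))
    return findings

if __name__ == "__main__":
    # On a live host, pass open("/etc/mtab").read() and open("/proc/self/mounts").read().
    for mnt, reason in mtab_discrepancies(SAMPLE_MTAB, SAMPLE_KERNEL):
        print(f"{mnt}: {reason}")
```

Where /etc/mtab is a symlink to /proc/self/mounts, both inputs are the same data and no discrepancy can appear.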
The severity of REDHAT-BUG-651183 is considered high due to the potential for unauthorized access to sensitive data through a race condition.
To fix REDHAT-BUG-651183, update the affected packages of fuse and util-linux to versions that are higher than the specified limits.
The systems affected by REDHAT-BUG-651183 include those running SUSE fuse versions up to 2.8.2 and util-linux versions up to 2.17.
REDHAT-BUG-651183 is a race condition vulnerability involving the fusermount tool during filesystem mounting.
Yes, REDHAT-BUG-651183 can be exploited by local users who can manipulate filesystem mounts.