
exploitDog

CVE-2018-10906

Published: 24 Jul 2018
Source: nvd
CVSS3: 5.3
CVSS3: 7.8
CVSS2: 4.6
EPSS: Low

Description

In fuse before versions 2.9.8 and 3.x before 3.2.5, fusermount is vulnerable to a restriction bypass when SELinux is active. This allows non-root users to mount a FUSE file system with the 'allow_other' mount option regardless of whether 'user_allow_other' is set in the fuse configuration. An attacker may use this flaw to mount a FUSE file system, accessible by other users, and trick them into accessing files on that file system, possibly causing Denial of Service or other unspecified effects.

References

Vulnerable configurations

Configuration 1

One of

cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*
cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*
Configuration 2

One of

cpe:2.3:a:fuse_project:fuse:*:*:*:*:*:*:*:*
Version before 2.9.8 (exclusive)
cpe:2.3:a:fuse_project:fuse:*:*:*:*:*:*:*:*
Version from 3.0 (inclusive) up to 3.2.5 (exclusive)
Configuration 3

One of

cpe:2.3:o:redhat:enterprise_linux_desktop:7.0:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_server:7.0:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_workstation:7.0:*:*:*:*:*:*:*

EPSS

Percentile: 17%
0.00054
Low

5.3 Medium

CVSS3

7.8 High

CVSS3

4.6 Medium

CVSS2

Weaknesses

CWE-285
CWE-269

Related vulnerabilities

CVSS3: 5.3
ubuntu
more than 7 years ago

In fuse before versions 2.9.8 and 3.x before 3.2.5, fusermount is vulnerable to a restriction bypass when SELinux is active. This allows non-root users to mount a FUSE file system with the 'allow_other' mount option regardless of whether 'user_allow_other' is set in the fuse configuration. An attacker may use this flaw to mount a FUSE file system, accessible by other users, and trick them into accessing files on that file system, possibly causing Denial of Service or other unspecified effects.

CVSS3: 5.3
redhat
more than 7 years ago

In fuse before versions 2.9.8 and 3.x before 3.2.5, fusermount is vulnerable to a restriction bypass when SELinux is active. This allows non-root users to mount a FUSE file system with the 'allow_other' mount option regardless of whether 'user_allow_other' is set in the fuse configuration. An attacker may use this flaw to mount a FUSE file system, accessible by other users, and trick them into accessing files on that file system, possibly causing Denial of Service or other unspecified effects.

CVSS3: 7.8
msrc
more than 5 years ago

No description available

CVSS3: 5.3
debian
more than 7 years ago

In fuse before versions 2.9.8 and 3.x before 3.2.5, fusermount is vuln ...

suse-cvrf
more than 7 years ago

Security update for fuse