Описание
A logic error was found in the libmount library of util-linux in the function that allows an unprivileged user to unmount a FUSE filesystem. This flaw allows a local user on a vulnerable system to unmount other users' filesystems that are either world-writable themselves (like /tmp) or mounted in a world-writable directory. An attacker may use this flaw to cause a denial of service to applications that use the affected filesystems.
Отчет
This issue did not affect the versions of util-linux as shipped with Red Hat Enterprise Linux 6, 7, and 8 as they ship an older version which does not allow unprivileged users to unmount FUSE mount points for the current user (e.g. the vulnerable function is_fuse_usermount() does not exist).
Меры по смягчению последствий
Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base, or stability.
Затронутые пакеты
| Платформа | Пакет | Состояние | Рекомендация | Релиз |
|---|---|---|---|---|
| Red Hat Enterprise Linux 6 | util-linux-ng | Not affected | ||
| Red Hat Enterprise Linux 7 | util-linux | Not affected | ||
| Red Hat Enterprise Linux 8 | util-linux | Not affected | ||
| Red Hat Enterprise Linux 9 | util-linux | Not affected |
Показывать по
Дополнительная информация
Статус:
EPSS
5.5 Medium
CVSS3
Связанные уязвимости
A logic error was found in the libmount library of util-linux in the function that allows an unprivileged user to unmount a FUSE filesystem. This flaw allows a local user on a vulnerable system to unmount other users' filesystems that are either world-writable themselves (like /tmp) or mounted in a world-writable directory. An attacker may use this flaw to cause a denial of service to applications that use the affected filesystems.
A logic error was found in the libmount library of util-linux in the function that allows an unprivileged user to unmount a FUSE filesystem. This flaw allows a local user on a vulnerable system to unmount other users' filesystems that are either world-writable themselves (like /tmp) or mounted in a world-writable directory. An attacker may use this flaw to cause a denial of service to applications that use the affected filesystems.
A logic error was found in the libmount library of util-linux in the f ...
Уязвимость стандартного пакета служебных утилит командной строки util-linux, связанная с некорректными разрешениями и привилегиями доступа, позволяющая нарушителю обойти введенные ограничения безопасности
Security update for libeconf, shadow and util-linux
EPSS
5.5 Medium
CVSS3