Launchpad has imported 11 comments from the remote bug at https://bugzilla.novell.com/show_bug.cgi?id=651598.
If you reply to an imported comment from within Launchpad, your comment will be sent to the remote bug automatically. Read more about Launchpad's inter-bugtracker facilities at https://help.launchpad.net/InterBugTracking.

------------------------------------------------------------------------
On 2010-11-05T06:56:21+00:00 Lnussel wrote:

Your friendly security team received the following report via oss-security.
Please respond ASAP.
The issue is public.

------------------------------------------------------------------------------
Date: Thu, 04 Nov 2010 15:45:33 -0400
From: Marc Deslauriers <[email protected]>
Subject: [oss-security] CVE request: fuse

Hello,

There is an issue with FUSE that lets unprivileged users unmount arbitrary locations via a symlink attack. This is a different issue than CVE-2009-3297 and CVE-2010-0789.

Ref.:
http://seclists.org/fulldisclosure/2010/Nov/15
http://www.halfdog.net/Security/FuseTimerace/

Thanks,

Marc.

--
Marc Deslauriers
Ubuntu Security Engineer | http://www.ubuntu.com/
Canonical Ltd. | http://www.canonical.com/

Reply at:
https://bugs.launchpad.net/ubuntu/+source/fuse/+bug/670622/comments/1

------------------------------------------------------------------------
On 2010-11-05T12:00:10+00:00 Mszeredi wrote:

Affected distributions with fuse < 2.8.2 *OR* util-linux < 2.17.

This means everything except 11.3 and Factory:

11.1
11.2
sle10-sp3
sle11
sle11-moblin20
sle11-sp1

Relevant fuse commits:

4c3d9b1957 "Use '--no-canonicalize' option of mount(8)..."
0197ce4041 "Using --no-canonicalize with umount(8) conflicts with..."

and util-linux commits:

45fc569a75 "mount: add --no-canonicalize option"
be9adec40f "mount: disable --no-canonicalize for non-root users"

Reply at:
https://bugs.launchpad.net/ubuntu/+source/fuse/+bug/670622/comments/2

------------------------------------------------------------------------
On 2010-11-09T10:22:36+00:00 Thomas-novell wrote:

P5->P4 mass change

Reply at:
https://bugs.launchpad.net/ubuntu/+source/fuse/+bug/670622/comments/3

------------------------------------------------------------------------
On 2010-11-12T13:38:54+00:00 Mszeredi wrote:

Created an attachment (id=399921)
fuse fix

Looking deeper, the above is not entirely correct.

Fuse versions 2.7.* and 2.8.* are all affected.

The fix needs "--no-canonicalize" and "--fake" options in umount(8), which is present in util-linux-ng >= 2.18.

The following commits need backporting to earlier versions of util-linux-ng:

45fc569a75 mount: add --no-canonicalize option
be9adec40f mount: disable --no-canonicalize for non-root users
387ade2a24 umount: add --no-canonicalize
97a3cef4f1 umount: add --fake option to umount(8)
1cf4c20b19 mount: don't canonicalize "spec" with --no-canonicalize option

Reply at:
https://bugs.launchpad.net/ubuntu/+source/fuse/+bug/670622/comments/4

------------------------------------------------------------------------
On 2010-11-12T13:45:06+00:00 Mszeredi wrote:

And a similar race exists during mount, so --no-canonicalize is needed in mount(8) too (covered by the commits listed above).

Fuse versions <2.8.2 need to have these commits backported:

4c3d9b1957 "Use '--no-canonicalize' option of mount(8)..."
0197ce4041 "Using --no-canonicalize with umount(8) conflicts with..."

Reply at:
https://bugs.launchpad.net/ubuntu/+source/fuse/+bug/670622/comments/5

------------------------------------------------------------------------
On 2010-12-03T12:37:34+00:00 Mszeredi wrote:

Updated "util-linux" and "fuse" packages have been submitted to the following projects:

SUSE:SLE-10-SP3:Update:Test
SUSE:SLE-10-SP4:Update:Test
SUSE:SLE-11:Update:Test
SUSE:SLE-11-SP1:Update:Test
SUSE:Factory:Head
openSUSE:11.2:Update:Test
openSUSE:11.3:Update:Test

In all 14 submitrequests.

Reassigning to security team for further processing.

Reply at:
https://bugs.launchpad.net/ubuntu/+source/fuse/+bug/670622/comments/6

------------------------------------------------------------------------
On 2010-12-03T15:26:28+00:00 Thomas-novell wrote:

Thanks a lot.
(Note: It is still filed as "planned update" and will therefore be released later.)

CVE-2010-3879: CVSS v2 Base Score: 3.6 (moderate) (AV:L/AC:L/Au:N/C:N/I:P/A:P): unknown (unknown)

Reply at:
https://bugs.launchpad.net/ubuntu/+source/fuse/+bug/670622/comments/7

------------------------------------------------------------------------
On 2010-12-08T14:13:59+00:00 Dmueller wrote:

submitting it for SLE10 SP4

Reply at:
https://bugs.launchpad.net/ubuntu/+source/fuse/+bug/670622/comments/8

------------------------------------------------------------------------
On 2010-12-22T14:52:50+00:00 Swamp-suse wrote:

The SWAMPID for this issue is 37926.
This issue was rated as low.
Please submit fixed packages until 2011-01-19.
When done, please reassign the bug to [email protected].
Patchinfo will be handled by security team.

Reply at:
https://bugs.launchpad.net/ubuntu/+source/fuse/+bug/670622/comments/9

------------------------------------------------------------------------
On 2010-12-22T14:57:02+00:00 Lnussel wrote:

there is a conflicting util-linux submission on sle11sp1 from Petr (sr#9153).
Could you please merge and resubmit?

Reply at:
https://bugs.launchpad.net/ubuntu/+source/fuse/+bug/670622/comments/10

------------------------------------------------------------------------
On 2010-12-22T16:13:40+00:00 Mszeredi wrote:

(In reply to comment #11)
> there is a conflicting util-linux submission on sle11sp1 from Petr (sr#9153).
> Could you please merge and resubmit?

submitted a merged request: sr#9881.

Reply at:
https://bugs.launchpad.net/ubuntu/+source/fuse/+bug/670622/comments/11

** Changed in: fuse (Suse)
   Status: Unknown => In Progress

** Changed in: fuse (Suse)
   Importance: Unknown => Medium

** CVE added: http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=2009-3297

** CVE added: http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=2010-0789

--
You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/670622

Title:
  fusermount allows unmount any filesystem

--
ubuntu-bugs mailing list
[email protected]
https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
