CVE-2018-10906

CVE-2018-10906

Name

CVE-2018-10906

Description

In fuse before versions 2.9.8 and 3.x before 3.2.5, fusermount is vulnerable to a restriction bypass when SELinux is active. This allows non-root users to mount a FUSE file system with the 'allow_other' mount option regardless of whether 'user_allow_other' is set in the fuse configuration. An attacker may use this flaw to mount a FUSE file system, accessible by other users, and trick them into accessing files on that file system, possibly causing Denial of Service or other unspecified effects.

NVD Severity

medium

Other trackers

CVE, NVD, CERT, CVE Details, CIRCL, Arch Linux, Debian, Red Hat, Ubuntu, Gentoo, SUSE (Bugzilla), SUSE (CVE), Mageia

Mailing lists

oss-security, full-disclosure, bugtraq

Exploits

Exploit DB, Metasploit

Forges

GitHub (code, issues), Aports (code, issues)

Type	URI
Issue Tracking	https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-10906
Third Party Advisory	https://www.debian.org/security/2018/dsa-4257
Exploit	https://www.exploit-db.com/exploits/45106/
Mailing List	https://lists.debian.org/debian-lts-announce/2018/08/msg00015.html
Third Party Advisory	https://access.redhat.com/errata/RHSA-2018:3324
FEDORA	https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/BREAIWIK64DRJWHIGR47L2D5YICY4HQ3/
FEDORA	https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/5XYA6PXT5PPWVK7CM7K4YRCYWA37DODB/
FEDORA	https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/A253TZWZK6R7PT2S5JIEAQJR2TYKX7V2/

Type

URI

Issue Tracking

https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-10906

Third Party Advisory

https://www.debian.org/security/2018/dsa-4257

Exploit

https://www.exploit-db.com/exploits/45106/

Mailing List

https://lists.debian.org/debian-lts-announce/2018/08/msg00015.html

Third Party Advisory

https://access.redhat.com/errata/RHSA-2018:3324

FEDORA

https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/BREAIWIK64DRJWHIGR47L2D5YICY4HQ3/

FEDORA

https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/5XYA6PXT5PPWVK7CM7K4YRCYWA37DODB/

FEDORA

https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/A253TZWZK6R7PT2S5JIEAQJR2TYKX7V2/

Match rules

CPE URI	Source package	Min version	Max version
`cpe:2.3:o:debian:debian_linux:8.0:::::::*`	debian_linux	== None	== 8.0
`cpe:2.3:o:debian:debian_linux:9.0:::::::*`	debian_linux	== None	== 9.0

CPE URI

Source package

Min version

Max version

cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*

debian_linux

== None

== 8.0

cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*

debian_linux

== None

== 9.0

Vulnerable and fixed packages

Source package	Branch	Version	Maintainer	Status
fuse3	edge-main	3.2.5-r0	None	fixed
fuse3	3.22-main	3.2.5-r0	None	fixed
fuse3	3.21-main	3.2.5-r0	None	fixed
fuse3	3.20-main	3.2.5-r0	None	fixed
fuse3	3.19-main	3.2.5-r0	None	fixed
fuse3	3.18-main	3.2.5-r0	None	fixed
fuse3	3.17-main	3.2.5-r0	None	fixed
fuse3	3.12-main	3.2.5-r0	None	fixed
fuse3	3.11-main	3.2.5-r0	None	fixed
fuse3	3.10-main	3.2.5-r0	None	fixed
fuse	edge-main	2.9.8-r0	None	fixed
fuse	edge-community	2.9.8-r0	None	fixed
fuse	3.22-community	2.9.8-r0	None	fixed
fuse	3.21-community	2.9.8-r0	None	fixed
fuse	3.20-main	2.9.8-r0	None	fixed
fuse	3.19-main	2.9.8-r0	None	fixed
fuse	3.18-main	2.9.8-r0	None	fixed
fuse	3.17-main	2.9.8-r0	None	fixed
fuse	3.12-main	2.9.8-r0	None	fixed
fuse	3.11-main	2.9.8-r0	None	fixed
fuse	3.10-main	2.9.8-r0	None	fixed

Source package

Branch

Version

Maintainer

Status

fuse3

edge-main

3.2.5-r0

None

fixed

fuse3

3.22-main