Pardus alert 2010-27 (fuse)

From:
    	     
 
Eren Turkay <eren@pardus.org.tr> 
To:
    	     
 
pardus-security@pardus.org.tr 
Subject:
    	     
 
[Pardus-security] [PLSA 2010-27] Fuse: Privilege Escalation 
Date:
    	     
 
Tue,  2 Feb 2010 21:32:36 +0200 (EET)
Message-ID:
    	     
 
<20100202193236.BBA16A7AB26@lider.pardus.org.tr>
Archive-link:
    	     
 
Article, Thread
              
------------------------------------------------------------------------
Pardus Linux Security Advisory 2010-27            security@pardus.org.tr
------------------------------------------------------------------------
      Date: 2010-02-02
  Severity: 4
      Type: Local
------------------------------------------------------------------------

Summary
=======

A security issue has been fixed in Fuse,  which  can  be  exploited  by 
malicious, local users to disclose potentially sensitive information and
potentially gain escalated privileges. 


Description
===========

Ronald Volgers discovered that  FUSE  did  not  correctly  check  mount 
locations. A local attacker, with access to  use  FUSE,  could  unmount 
arbitrary locations, leading to a denial of service. 


Affected packages:

  Pardus 2009:
    fuse, all before 2.8.2-21-7


Resolution
==========

There are update(s) for fuse. You can update them via Package Manager or
with a single command from console: 

    pisi up fuse

References
==========

  * http://bugs.pardus.org.tr/show_bug.cgi?id=12148
  * https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2009-3297
  * http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-3297

------------------------------------------------------------------------

_______________________________________________
Pardus-security mailing list
Pardus-security@pardus.org.tr
http://liste.pardus.org.tr/mailman/listinfo/pardus-security