CVE-2010-0789 :: Enginsight Vulnerability Database

Provider	Type	Base Score	Atk. Vector	Atk. Complexity	Priv. Required	Vector
NIST	Primary	3.3 UNKNOWN	LOCAL	MEDIUM		AV:L/AC:M/Au:N/C:N/I:P/A:P

Base Score

CVSS 3.x

EPSS Score

Percentile: 19%

Affected Products (NVD)

Vendor	Product	Version
fuse	fuse	1.9
fuse	fuse	2.0:pre0
fuse	fuse	2.0:pre1
fuse	fuse	2.1
fuse	fuse	2.2
fuse	fuse	2.2.1
fuse	fuse	2.3:pre
fuse	fuse	2.3:rc1
fuse	fuse	2.3.0
fuse	fuse	2.4.0
fuse	fuse	2.4.1
fuse	fuse	2.4.2
fuse	fuse	2.5.0
fuse	fuse	2.5.1
fuse	fuse	2.5.2
fuse	fuse	2.5.3
fuse	fuse	2.6.0
fuse	fuse	2.6.1
fuse	fuse	2.6.3
fuse	fuse	2.6.5
fuse	fuse	2.7.0
fuse	fuse	2.7.1
fuse	fuse	2.7.2
fuse	fuse	2.7.3
fuse	fuse	2.7.4

𝑥

= Vulnerable software versions

Debian Releases

Debian Product

Codename

fuse

bookworm	2.9.9-6 fixed
bullseye	2.9.9-5 fixed
sid	2.9.9-9 fixed
trixie	2.9.9-9 fixed

Ubuntu Releases

Ubuntu Product

Codename

fuse

dapper	Fixed 2.4.2-0ubuntu3.1 released
hardy	Fixed 2.7.2-1ubuntu2.1 released
intrepid	Fixed 2.7.3-4ubuntu2.1 released
jaunty	Fixed 2.7.4-1.1ubuntu4.0.9.04.1 released
karmic	Fixed 2.7.4-1.1ubuntu4.3 released

Common Weakness Enumeration

CWE-59 - Improper Link Resolution Before File Access ('Link Following')
The software attempts to access a file based on the filename, but it does not properly prevent that filename from identifying a link or shortcut that resolves to an unintended resource.

References

http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=567633

http://lists.fedoraproject.org/pipermail/package-announce/2010-February/034518.html

http://lists.fedoraproject.org/pipermail/package-announce/2010-February/034580.html

http://lists.opensuse.org/opensuse-security-announce/2010-02/msg00003.html

http://lists.opensuse.org/opensuse-security-announce/2010-05/msg00001.html

http://lists.opensuse.org/opensuse-security-announce/2010-06/msg00001.html

http://secunia.com/advisories/38261

http://secunia.com/advisories/38287

http://secunia.com/advisories/38359

http://secunia.com/advisories/38437

http://sourceforge.net/projects/fuse/files/ReleaseNotes/fuse-2.8.3.html/view

http://sourceforge.net/projects/fuse/files/fuse-2.X/2.7.5/fuse-2.7.5.tar.gz/download

http://www.debian.org/security/2010/dsa-1989

http://www.securityfocus.com/bid/37983

http://www.ubuntu.com/usn/USN-892-1

http://www.vupen.com/english/advisories/2010/1107

https://bugzilla.redhat.com/show_bug.cgi?id=532940

https://bugzilla.redhat.com/show_bug.cgi?id=558833

https://exchange.xforce.ibmcloud.com/vulnerabilities/55945

http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=567633

http://lists.fedoraproject.org/pipermail/package-announce/2010-February/034518.html

http://lists.fedoraproject.org/pipermail/package-announce/2010-February/034580.html

http://lists.opensuse.org/opensuse-security-announce/2010-02/msg00003.html

http://lists.opensuse.org/opensuse-security-announce/2010-05/msg00001.html

http://lists.opensuse.org/opensuse-security-announce/2010-06/msg00001.html

http://secunia.com/advisories/38261

http://secunia.com/advisories/38287

http://secunia.com/advisories/38359

http://secunia.com/advisories/38437

http://sourceforge.net/projects/fuse/files/ReleaseNotes/fuse-2.8.3.html/view

http://sourceforge.net/projects/fuse/files/fuse-2.X/2.7.5/fuse-2.7.5.tar.gz/download

http://www.debian.org/security/2010/dsa-1989

http://www.securityfocus.com/bid/37983

http://www.ubuntu.com/usn/USN-892-1

http://www.vupen.com/english/advisories/2010/1107

https://bugzilla.redhat.com/show_bug.cgi?id=532940

https://bugzilla.redhat.com/show_bug.cgi?id=558833

https://exchange.xforce.ibmcloud.com/vulnerabilities/55945