CVE-2010-3879 :: Enginsight Vulnerability Database

Provider	Type	Base Score	Atk. Vector	Atk. Complexity	Priv. Required	Vector
NIST	NIST	5.8 UNKNOWN	NETWORK	MEDIUM		AV:N/AC:M/Au:N/C:N/I:P/A:P
redhat	CNA	---				---
CVE	ADP	---				---

Base Score

CVSS 3.x

EPSS Score

Percentile: 83%

Vendor	Product	Version
libfuse_project	libfuse	𝑥 ≤ 2.8.5

𝑥

= Vulnerable software versions

Debian Releases

Debian Product

Codename

fuse

bullseye	2.9.9-5 fixed
squeeze	no-dsa
bookworm	2.9.9-6 fixed
sid	2.9.9-9 fixed
trixie	2.9.9-9 fixed

Ubuntu Releases

Ubuntu Product

Codename

fuse

maverick	Fixed 2.8.4-1ubuntu1.1 released
lucid	Fixed 2.8.1-1.1ubuntu2.2 released
karmic	Fixed 2.7.4-1.1ubuntu4.4 released
hardy	Fixed 2.7.2-1ubuntu2.2 released
dapper	ignored

util-linux

maverick	Fixed 2.17.2-0ubuntu1.10.10.1 released
lucid	Fixed 2.17.2-0ubuntu1.10.04.1 released
karmic	Fixed 2.16-1ubuntu5.1 released
hardy	Fixed 2.13.1-5ubuntu3.1 released
dapper	ignored

Known Exploits!

Common Weakness Enumeration

CWE-59 - Improper Link Resolution Before File Access ('Link Following')
The software attempts to access a file based on the filename, but it does not properly prevent that filename from identifying a link or shortcut that resolves to an unintended resource.

References

http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=602333

http://lists.fedoraproject.org/pipermail/package-announce/2011-February/053792.html

http://lists.grok.org.uk/pipermail/full-disclosure/2010-November/077247.html

http://lists.opensuse.org/opensuse-security-announce/2011-04/msg00000.html

http://openwall.com/lists/oss-security/2010/11/04/8

http://openwall.com/lists/oss-security/2010/11/05/2

http://osvdb.org/70520

http://secunia.com/advisories/42961

http://secunia.com/advisories/42965

http://www.halfdog.net/Security/FuseTimerace/

http://www.mandriva.com/security/advisories?name=MDVSA-2013:155

http://www.securityfocus.com/bid/44623

http://www.ubuntu.com/usn/USN-1045-1

http://www.ubuntu.com/usn/USN-1045-2

http://www.vupen.com/english/advisories/2011/0181

http://www.vupen.com/english/advisories/2011/0302

https://bugs.launchpad.net/bugs/670622

https://bugzilla.novell.com/show_bug.cgi?id=651598

https://bugzilla.redhat.com/show_bug.cgi?id=651183

https://exchange.xforce.ibmcloud.com/vulnerabilities/62986

http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=602333

http://lists.fedoraproject.org/pipermail/package-announce/2011-February/053792.html

http://lists.grok.org.uk/pipermail/full-disclosure/2010-November/077247.html

http://lists.opensuse.org/opensuse-security-announce/2011-04/msg00000.html

http://openwall.com/lists/oss-security/2010/11/04/8

http://openwall.com/lists/oss-security/2010/11/05/2

http://osvdb.org/70520

http://secunia.com/advisories/42961

http://secunia.com/advisories/42965

http://www.halfdog.net/Security/FuseTimerace/

http://www.mandriva.com/security/advisories?name=MDVSA-2013:155

http://www.securityfocus.com/bid/44623

http://www.ubuntu.com/usn/USN-1045-1

http://www.ubuntu.com/usn/USN-1045-2

http://www.vupen.com/english/advisories/2011/0181

http://www.vupen.com/english/advisories/2011/0302

https://bugs.launchpad.net/bugs/670622

https://bugzilla.novell.com/show_bug.cgi?id=651598

https://bugzilla.redhat.com/show_bug.cgi?id=651183

https://exchange.xforce.ibmcloud.com/vulnerabilities/62986