CVE-2011-0542

fusermount in fuse 2.8.5 and earlier does not perform a chdir to / before performing a mount or umount, which allows local users to unmount arbitrary directories via unspecified vectors.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTNIST
3.3 UNKNOWN
LOCAL
MEDIUM
AV:L/AC:M/Au:N/C:N/I:P/A:P
redhatCNA
---
---
CVEADP
---
---
Base Score
CVSS 3.x
EPSS Score
Percentile: 18%
VendorProductVersion
fusefuse
𝑥
≤ 2.8.5
fusefuse
1.9
fusefuse
2.0:pre0
fusefuse
2.0:pre1
fusefuse
2.1
fusefuse
2.2
fusefuse
2.2.1
fusefuse
2.3:pre
fusefuse
2.3:rc1
fusefuse
2.3.0
fusefuse
2.4.0
fusefuse
2.4.1
fusefuse
2.4.2
fusefuse
2.5.0
fusefuse
2.5.1
fusefuse
2.5.2
fusefuse
2.5.3
fusefuse
2.6.0
fusefuse
2.6.1
fusefuse
2.6.3
fusefuse
2.6.5
fusefuse
2.7.0
fusefuse
2.7.1
fusefuse
2.7.2
fusefuse
2.7.3
fusefuse
2.7.4
fusefuse
2.7.5
fusefuse
2.7.6
fusefuse
2.8.0
fusefuse
2.8.1
fusefuse
2.8.2
fusefuse
2.8.3
fusefuse
2.8.4
𝑥
= Vulnerable software versions
Debian logo
Debian Releases
Debian Product
Codename
fuse
bullseye
2.9.9-5
fixed
squeeze
no-dsa
bookworm
2.9.9-6
fixed
sid
2.9.9-9
fixed
trixie
2.9.9-9
fixed
Ubuntu logo
Ubuntu Releases
Ubuntu Product
Codename
fuse
maverick
Fixed 2.8.4-1ubuntu1.3
released
lucid
Fixed 2.8.1-1.1ubuntu3.1
released
karmic
Fixed 2.7.4-1.1ubuntu4.5
released
hardy
Fixed 2.7.2-1ubuntu2.3
released
dapper
ignored
Common Weakness Enumeration
References
http://fuse.git.sourceforge.net/git/gitweb.cgi?p=fuse/fuse%3Ba=commit%3Bh=1e7607ff89c65b005f69e27aeb1649d624099873
http://www.openwall.com/lists/oss-security/2011/02/02/2
http://www.openwall.com/lists/oss-security/2011/02/03/5
http://www.openwall.com/lists/oss-security/2011/02/08/4
http://fuse.git.sourceforge.net/git/gitweb.cgi?p=fuse/fuse%3Ba=commit%3Bh=1e7607ff89c65b005f69e27aeb1649d624099873
http://www.openwall.com/lists/oss-security/2011/02/02/2
http://www.openwall.com/lists/oss-security/2011/02/03/5
http://www.openwall.com/lists/oss-security/2011/02/08/4