CVE-2011-0542

EUVD-2011-0560
fusermount in fuse 2.8.5 and earlier does not perform a chdir to / before performing a mount or umount, which allows local users to unmount arbitrary directories via unspecified vectors.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTPrimary
3.3 UNKNOWN
LOCAL
MEDIUM
AV:L/AC:M/Au:N/C:N/I:P/A:P
Base Score
CVSS 3.x
EPSS Score
Percentile: 18%
Affected Products (NVD)
VendorProductVersion
fusefuse
𝑥
≤ 2.8.5
fusefuse
1.9
fusefuse
2.0:pre0
fusefuse
2.0:pre1
fusefuse
2.1
fusefuse
2.2
fusefuse
2.2.1
fusefuse
2.3:pre
fusefuse
2.3:rc1
fusefuse
2.3.0
fusefuse
2.4.0
fusefuse
2.4.1
fusefuse
2.4.2
fusefuse
2.5.0
fusefuse
2.5.1
fusefuse
2.5.2
fusefuse
2.5.3
fusefuse
2.6.0
fusefuse
2.6.1
fusefuse
2.6.3
fusefuse
2.6.5
fusefuse
2.7.0
fusefuse
2.7.1
fusefuse
2.7.2
fusefuse
2.7.3
fusefuse
2.7.4
fusefuse
2.7.5
fusefuse
2.7.6
fusefuse
2.8.0
fusefuse
2.8.1
fusefuse
2.8.2
fusefuse
2.8.3
fusefuse
2.8.4
𝑥
= Vulnerable software versions
Debian logo
Debian Releases
Debian Product
Codename
fuse
bookworm
2.9.9-6
fixed
bullseye
2.9.9-5
fixed
sid
2.9.9-9
fixed
squeeze
no-dsa
trixie
2.9.9-9
fixed
Ubuntu logo
Ubuntu Releases
Ubuntu Product
Codename
fuse
dapper
ignored
hardy
Fixed 2.7.2-1ubuntu2.3
released
karmic
Fixed 2.7.4-1.1ubuntu4.5
released
lucid
Fixed 2.8.1-1.1ubuntu3.1
released
maverick
Fixed 2.8.4-1ubuntu1.3
released
Common Weakness Enumeration
References
http://fuse.git.sourceforge.net/git/gitweb.cgi?p=fuse/fuse%3Ba=commit%3Bh=1e7607ff89c65b005f69e27aeb1649d624099873
http://www.openwall.com/lists/oss-security/2011/02/02/2
http://www.openwall.com/lists/oss-security/2011/02/03/5
http://www.openwall.com/lists/oss-security/2011/02/08/4
http://fuse.git.sourceforge.net/git/gitweb.cgi?p=fuse/fuse%3Ba=commit%3Bh=1e7607ff89c65b005f69e27aeb1649d624099873
http://www.openwall.com/lists/oss-security/2011/02/02/2
http://www.openwall.com/lists/oss-security/2011/02/03/5
http://www.openwall.com/lists/oss-security/2011/02/08/4