CVE-2010-3879

See a problem?
Please try reporting it to the source first.
Source
https://nvd.nist.gov/vuln/detail/CVE-2010-3879
Import Source
https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2010-3879.json
JSON Data
https://api.osv.dev/v1/vulns/CVE-2010-3879
Published
2011-01-22T22:00:02Z
Modified
2025-04-11T00:51:21Z
Downstream
Summary
[none]
Details

FUSE, possibly 2.8.5 and earlier, allows local users to create mtab entries with arbitrary pathnames, and consequently unmount any filesystem, via a symlink attack on the parent directory of the mountpoint of a FUSE filesystem, a different vulnerability than CVE-2010-0789.

References

Affected packages

Debian:11 / fuse

Package

Name
fuse
Purl
pkg:deb/debian/fuse?arch=source

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
2.8.5-1

Ecosystem specific 

{
    "urgency": "not yet assigned"
}

Debian:12 / fuse

Package

Name
fuse
Purl
pkg:deb/debian/fuse?arch=source

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
2.8.5-1

Ecosystem specific 

{
    "urgency": "not yet assigned"
}

Debian:13 / fuse

Package

Name
fuse
Purl
pkg:deb/debian/fuse?arch=source

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
2.8.5-1

Ecosystem specific 

{
    "urgency": "not yet assigned"
}