Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
N/A
Vulnerability Description
Certain legacy functionality in fusermount in fuse 2.8.5 and earlier, when util-linux does not support the --no-canonicalize option, allows local users to bypass intended access restrictions and unmount arbitrary directories via a symlink attack.
CVSS Information
N/A
Vulnerability Type
N/A
Vulnerability Title
Fuse fusermount后置链接漏洞
Vulnerability Description
Fuse(Filesystem in Userspace,用户空间文件系统)是软件开发者Miklos Szeredi所研发的一套允许非特权用户无需编辑内核代码就可以创建文件系统的类Unix系统机制。 Fuse 2.8.5及之前版本中的fusermount的某些旧功能中存在后置链接漏洞。当util-linux不支持--no-canonicalize选项时,本地用户可借助符号链接攻击绕过预期的访问限制并卸载任意目录。
CVSS Information
N/A
Vulnerability Type
N/A