Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
N/A
Vulnerability Description
In fuse before versions 2.9.8 and 3.x before 3.2.5, fusermount is vulnerable to a restriction bypass when SELinux is active. This allows non-root users to mount a FUSE file system with the 'allow_other' mount option regardless of whether 'user_allow_other' is set in the fuse configuration. An attacker may use this flaw to mount a FUSE file system, accessible by other users, and trick them into accessing files on that file system, possibly causing Denial of Service or other unspecified effects.
CVSS Information
N/A
Vulnerability Type
授权机制不恰当
Vulnerability Title
Fuse 安全漏洞
Vulnerability Description
Fuse(Filesystem in Userspace,用户空间文件系统)是软件开发者Miklos Szeredi所研发的一套允许非特权用户无需编辑内核代码就可以创建文件系统的类Unix系统机制。 Fuse 2.9.8之前版本和3.2.5之前的3.x版本中存在安全漏洞。攻击者可借助‘fusermount’命令利用该漏洞绕过安全限制,挂载FUSE文件系统,造成拒绝服务。
CVSS Information
N/A
Vulnerability Type
N/A