{"containers": {"cna": {"affected": [{"product": "n/a", "vendor": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "datePublic": "2011-01-31T00:00:00.000Z", "descriptions": [{"lang": "en", "value": "fuse 2.8.5 and earlier does not properly handle when /etc/mtab cannot be updated, which allows local users to unmount arbitrary directories via a symlink attack."}], "problemTypes": [{"descriptions": [{"description": "n/a", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2014-02-06T20:57:02.000Z", "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "shortName": "redhat"}, "references": [{"tags": ["x_refsource_CONFIRM"], "url": "http://fuse.git.sourceforge.net/git/gitweb.cgi?p=fuse/fuse%3Ba=commit%3Bh=bf5ffb5fd8558bd799791834def431c0cee5a11f"}, {"name": "[oss-security] 20110201 CVE request: fuse", "tags": ["mailing-list", "x_refsource_MLIST"], "url": "http://www.openwall.com/lists/oss-security/2011/02/02/2"}, {"name": "SUSE-SR:2011:005", "tags": ["vendor-advisory", "x_refsource_SUSE"], "url": "http://lists.opensuse.org/opensuse-security-announce/2011-04/msg00000.html"}, {"name": "[oss-security] 20110203 Re: CVE request: fuse", "tags": ["mailing-list", "x_refsource_MLIST"], "url": "http://www.openwall.com/lists/oss-security/2011/02/03/5"}, {"name": "[oss-security] 20110208 Re: CVE request: fuse", "tags": ["mailing-list", "x_refsource_MLIST"], "url": "http://www.openwall.com/lists/oss-security/2011/02/08/4"}]}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-06T21:58:24.968Z"}, "title": "CVE Program Container", "references": [{"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "http://fuse.git.sourceforge.net/git/gitweb.cgi?p=fuse/fuse%3Ba=commit%3Bh=bf5ffb5fd8558bd799791834def431c0cee5a11f"}, {"name": "[oss-security] 20110201 CVE request: fuse", "tags": ["mailing-list", "x_refsource_MLIST", "x_transferred"], "url": "http://www.openwall.com/lists/oss-security/2011/02/02/2"}, {"name": "SUSE-SR:2011:005", "tags": ["vendor-advisory", "x_refsource_SUSE", "x_transferred"], "url": "http://lists.opensuse.org/opensuse-security-announce/2011-04/msg00000.html"}, {"name": "[oss-security] 20110203 Re: CVE request: fuse", "tags": ["mailing-list", "x_refsource_MLIST", "x_transferred"], "url": "http://www.openwall.com/lists/oss-security/2011/02/03/5"}, {"name": "[oss-security] 20110208 Re: CVE request: fuse", "tags": ["mailing-list", "x_refsource_MLIST", "x_transferred"], "url": "http://www.openwall.com/lists/oss-security/2011/02/08/4"}]}]}, "cveMetadata": {"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "assignerShortName": "redhat", "cveId": "CVE-2011-0541", "datePublished": "2011-09-02T23:00:00.000Z", "dateReserved": "2011-01-20T00:00:00.000Z", "dateUpdated": "2024-08-06T21:58:24.968Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:fuse:fuse:*:*:*:*:*:*:*:*", "matchCriteriaId": "DE7C6543-6BB7-43AE-8021-13939D2EACF4", "versionEndIncluding": "2.8.5", "vulnerable": true}, {"criteria": "cpe:2.3:a:fuse:fuse:1.9:*:*:*:*:*:*:*", "matchCriteriaId": "55969766-1B53-4987-BED1-69210D870159", "vulnerable": true}, {"criteria": "cpe:2.3:a:fuse:fuse:2.0:pre0:*:*:*:*:*:*", "matchCriteriaId": "975404B1-A1D7-498E-BCAF-27F6F0C6D6DB", "vulnerable": true}, {"criteria": "cpe:2.3:a:fuse:fuse:2.0:pre1:*:*:*:*:*:*", "matchCriteriaId": "725C66E7-CDE5-447F-A718-1F8E09DBD03B", "vulnerable": true}, {"criteria": "cpe:2.3:a:fuse:fuse:2.1:*:*:*:*:*:*:*", "matchCriteriaId": "D694A371-E110-404C-8A8B-E162BE7CC420", "vulnerable": true}, {"criteria": "cpe:2.3:a:fuse:fuse:2.2:*:*:*:*:*:*:*", "matchCriteriaId": "57EA26ED-6A5B-46FD-B776-56164C2CA2A7", "vulnerable": true}, {"criteria": "cpe:2.3:a:fuse:fuse:2.2.1:*:*:*:*:*:*:*", "matchCriteriaId": "4070A046-AFAF-47E7-8143-950E7113F7D9", "vulnerable": true}, {"criteria": "cpe:2.3:a:fuse:fuse:2.3:pre:*:*:*:*:*:*", "matchCriteriaId": "F58FB896-AC2F-44F6-B225-6B1E8B5D5AAA", "vulnerable": true}, {"criteria": "cpe:2.3:a:fuse:fuse:2.3:rc1:*:*:*:*:*:*", "matchCriteriaId": "046B9EE6-597B-4668-A7E3-3B2E19F2F1F2", "vulnerable": true}, {"criteria": "cpe:2.3:a:fuse:fuse:2.3.0:*:*:*:*:*:*:*", "matchCriteriaId": "7F6E73A6-7598-43D0-85B6-36854D241753", "vulnerable": true}, {"criteria": "cpe:2.3:a:fuse:fuse:2.4.0:*:*:*:*:*:*:*", "matchCriteriaId": "5C84298D-29DA-4E25-872C-C01123DC264B", "vulnerable": true}, {"criteria": "cpe:2.3:a:fuse:fuse:2.4.1:*:*:*:*:*:*:*", "matchCriteriaId": "79145A4A-180B-4A01-9B27-FF41C80C8A2E", "vulnerable": true}, {"criteria": "cpe:2.3:a:fuse:fuse:2.4.2:*:*:*:*:*:*:*", "matchCriteriaId": "B8FB5A17-317D-4FCD-9135-7B6FBFF43122", "vulnerable": true}, {"criteria": "cpe:2.3:a:fuse:fuse:2.5.0:*:*:*:*:*:*:*", "matchCriteriaId": "86127064-585A-491A-9C02-3868293287E9", "vulnerable": true}, {"criteria": "cpe:2.3:a:fuse:fuse:2.5.1:*:*:*:*:*:*:*", "matchCriteriaId": "D9AFE150-9202-478D-B9A5-A06631A7F654", "vulnerable": true}, {"criteria": "cpe:2.3:a:fuse:fuse:2.5.2:*:*:*:*:*:*:*", "matchCriteriaId": "A203B9AA-AC5A-4F97-8B22-FD4CE9A5E9E6", "vulnerable": true}, {"criteria": "cpe:2.3:a:fuse:fuse:2.5.3:*:*:*:*:*:*:*", "matchCriteriaId": "D88FC4B0-D669-4B8C-9F0E-8B40FD269707", "vulnerable": true}, {"criteria": "cpe:2.3:a:fuse:fuse:2.6.0:*:*:*:*:*:*:*", "matchCriteriaId": "C58DA611-5C3C-48B5-9A97-AF61E79C2A11", "vulnerable": true}, {"criteria": "cpe:2.3:a:fuse:fuse:2.6.1:*:*:*:*:*:*:*", "matchCriteriaId": "745A4F8C-CB3C-40CF-9358-89403CDAC064", "vulnerable": true}, {"criteria": "cpe:2.3:a:fuse:fuse:2.6.3:*:*:*:*:*:*:*", "matchCriteriaId": "DA50E0DD-E42D-4A6B-A2D1-5EB5E032A3D5", "vulnerable": true}, {"criteria": "cpe:2.3:a:fuse:fuse:2.6.5:*:*:*:*:*:*:*", "matchCriteriaId": "166EEDD0-41AC-48F6-BB41-2199E07D70C5", "vulnerable": true}, {"criteria": "cpe:2.3:a:fuse:fuse:2.7.0:*:*:*:*:*:*:*", "matchCriteriaId": "55B8E8CD-A4C9-4542-BA8E-6A59352225F4", "vulnerable": true}, {"criteria": "cpe:2.3:a:fuse:fuse:2.7.1:*:*:*:*:*:*:*", "matchCriteriaId": "3168CEE0-DCB6-48DC-B1A1-A7A24E0D4455", "vulnerable": true}, {"criteria": "cpe:2.3:a:fuse:fuse:2.7.2:*:*:*:*:*:*:*", "matchCriteriaId": "553EBB29-A227-428F-A752-BDFB100C954D", "vulnerable": true}, {"criteria": "cpe:2.3:a:fuse:fuse:2.7.3:*:*:*:*:*:*:*", "matchCriteriaId": "55859957-F60A-452F-B41F-1C08ABA073A0", "vulnerable": true}, {"criteria": "cpe:2.3:a:fuse:fuse:2.7.4:*:*:*:*:*:*:*", "matchCriteriaId": "7E20A7A1-54C5-427C-8232-E4E8CCB16AC4", "vulnerable": true}, {"criteria": "cpe:2.3:a:fuse:fuse:2.7.5:*:*:*:*:*:*:*", "matchCriteriaId": "43BCF81C-3331-4298-AA82-EDC61155F60A", "vulnerable": true}, {"criteria": "cpe:2.3:a:fuse:fuse:2.7.6:*:*:*:*:*:*:*", "matchCriteriaId": "7C8B55A7-2466-42AA-A14F-23931BC09904", "vulnerable": true}, {"criteria": "cpe:2.3:a:fuse:fuse:2.8.0:*:*:*:*:*:*:*", "matchCriteriaId": "87529BC7-BE88-4EF6-9B30-01345B1F1EE8", "vulnerable": true}, {"criteria": "cpe:2.3:a:fuse:fuse:2.8.1:*:*:*:*:*:*:*", "matchCriteriaId": "2937E05D-CEEC-4048-9151-575BD71CDD6F", "vulnerable": true}, {"criteria": "cpe:2.3:a:fuse:fuse:2.8.2:*:*:*:*:*:*:*", "matchCriteriaId": "C3DCC2C7-1BC7-43D6-8AE8-717E4D834131", "vulnerable": true}, {"criteria": "cpe:2.3:a:fuse:fuse:2.8.3:*:*:*:*:*:*:*", "matchCriteriaId": "72A18ED3-3322-4DB0-9E68-1952B739A409", "vulnerable": true}, {"criteria": "cpe:2.3:a:fuse:fuse:2.8.4:*:*:*:*:*:*:*", "matchCriteriaId": "CA99C51F-D71E-4B6D-A6BB-A9BD198F8074", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "fuse 2.8.5 and earlier does not properly handle when /etc/mtab cannot be updated, which allows local users to unmount arbitrary directories via a symlink attack."}, {"lang": "es", "value": "Fuse v2.8.5 y anteriores no se comporta de forma adecuada cuando /etc/mtlab no puede ser actualizado, lo que permite a usuarios locales desmontar directorios de su elecci\u00f3n a trav\u00e9s de un ataque de enlaces simb\u00f3licos."}], "id": "CVE-2011-0541", "lastModified": "2026-04-29T01:13:23.040", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "LOW", "cvssData": {"accessComplexity": "MEDIUM", "accessVector": "LOCAL", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 3.3, "confidentialityImpact": "NONE", "integrityImpact": "PARTIAL", "vectorString": "AV:L/AC:M/Au:N/C:N/I:P/A:P", "version": "2.0"}, "exploitabilityScore": 3.4, "impactScore": 4.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}]}, "published": "2011-09-02T23:55:02.227", "references": [{"source": "secalert@redhat.com", "url": "http://fuse.git.sourceforge.net/git/gitweb.cgi?p=fuse/fuse%3Ba=commit%3Bh=bf5ffb5fd8558bd799791834def431c0cee5a11f"}, {"source": "secalert@redhat.com", "url": "http://lists.opensuse.org/opensuse-security-announce/2011-04/msg00000.html"}, {"source": "secalert@redhat.com", "url": "http://www.openwall.com/lists/oss-security/2011/02/02/2"}, {"source": "secalert@redhat.com", "tags": ["Patch"], "url": "http://www.openwall.com/lists/oss-security/2011/02/03/5"}, {"source": "secalert@redhat.com", "tags": ["Patch"], "url": "http://www.openwall.com/lists/oss-security/2011/02/08/4"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://fuse.git.sourceforge.net/git/gitweb.cgi?p=fuse/fuse%3Ba=commit%3Bh=bf5ffb5fd8558bd799791834def431c0cee5a11f"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://lists.opensuse.org/opensuse-security-announce/2011-04/msg00000.html"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.openwall.com/lists/oss-security/2011/02/02/2"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Patch"], "url": "http://www.openwall.com/lists/oss-security/2011/02/03/5"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Patch"], "url": "http://www.openwall.com/lists/oss-security/2011/02/08/4"}], "sourceIdentifier": "secalert@redhat.com", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-59"}], "source": "nvd@nist.gov", "type": "Primary"}]}

{"affected_release": [{"advisory": "RHSA-2011:1083", "cpe": "cpe:/o:redhat:enterprise_linux:6", "package": "fuse-0:2.8.3-3.el6_1", "product_name": "Red Hat Enterprise Linux 6", "release_date": "2011-07-20T00:00:00Z"}], "bugzilla": {"description": "fuse: unprivileged user can unmount arbitrary locations via symlink attack", "id": "651183", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=651183"}, "csaw": false, "cvss": {"cvss_base_score": "2.6", "cvss_scoring_vector": "AV:L/AC:H/Au:N/C:N/I:P/A:P", "status": "verified"}, "details": ["fuse 2.8.5 and earlier does not properly handle when /etc/mtab cannot be updated, which allows local users to unmount arbitrary directories via a symlink attack."], "name": "CVE-2011-0541", "package_state": [{"cpe": "cpe:/o:redhat:enterprise_linux:5", "fix_state": "Will not fix", "package_name": "fuse", "product_name": "Red Hat Enterprise Linux 5"}, {"cpe": "cpe:/o:redhat:enterprise_linux:5", "fix_state": "Will not fix", "package_name": "util-linux", "product_name": "Red Hat Enterprise Linux 5"}, {"cpe": "cpe:/o:redhat:enterprise_linux:6", "fix_state": "Affected", "package_name": "util-linux-ng", "product_name": "Red Hat Enterprise Linux 6"}], "public_date": "2010-11-02T00:00:00Z", "references": ["https://www.cve.org/CVERecord?id=CVE-2011-0541\nhttps://nvd.nist.gov/vuln/detail/CVE-2011-0541"], "statement": "The Red Hat Security Response Team has rated this issue as having low security impact. On Red Hat Enterprise Linux 5 and 6, a user must be a member of the 'fuse' group in order to use FUSE. Due to the risks associated with fixing this bug on Red Hat Enterprise Linux 5, and because of the group restrictions in place, we currently have no plans to fix this flaw in Red Hat Enterprise Linux 5.", "threat_severity": "Low"}

{}