{"containers": {"cna": {"affected": [{"product": "n/a", "vendor": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "datePublic": "2011-01-31T00:00:00", "descriptions": [{"lang": "en", "value": "Certain legacy functionality in fusermount in fuse 2.8.5 and earlier, when util-linux does not support the --no-canonicalize option, allows local users to bypass intended access restrictions and unmount arbitrary directories via a symlink attack."}], "problemTypes": [{"descriptions": [{"description": "n/a", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2014-02-06T20:57:02", "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "shortName": "redhat"}, "references": [{"name": "[oss-security] 20110201 CVE request: fuse", "tags": ["mailing-list", "x_refsource_MLIST"], "url": "http://www.openwall.com/lists/oss-security/2011/02/02/2"}, {"name": "SUSE-SR:2011:005", "tags": ["vendor-advisory", "x_refsource_SUSE"], "url": "http://lists.opensuse.org/opensuse-security-announce/2011-04/msg00000.html"}, {"name": "[oss-security] 20110203 Re: CVE request: fuse", "tags": ["mailing-list", "x_refsource_MLIST"], "url": "http://www.openwall.com/lists/oss-security/2011/02/03/5"}, {"tags": ["x_refsource_CONFIRM"], "url": "http://fuse.git.sourceforge.net/git/gitweb.cgi?p=fuse/fuse%3Ba=commit%3Bh=cbd3a2a84068aae6e3fe32939d88470d712dbf47"}, {"name": "[oss-security] 20110208 Re: CVE request: fuse", "tags": ["mailing-list", "x_refsource_MLIST"], "url": "http://www.openwall.com/lists/oss-security/2011/02/08/4"}]}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-06T21:58:24.991Z"}, "title": "CVE Program Container", "references": [{"name": "[oss-security] 20110201 CVE request: fuse", "tags": ["mailing-list", "x_refsource_MLIST", "x_transferred"], "url": "http://www.openwall.com/lists/oss-security/2011/02/02/2"}, {"name": "SUSE-SR:2011:005", "tags": ["vendor-advisory", "x_refsource_SUSE", "x_transferred"], "url": "http://lists.opensuse.org/opensuse-security-announce/2011-04/msg00000.html"}, {"name": "[oss-security] 20110203 Re: CVE request: fuse", "tags": ["mailing-list", "x_refsource_MLIST", "x_transferred"], "url": "http://www.openwall.com/lists/oss-security/2011/02/03/5"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "http://fuse.git.sourceforge.net/git/gitweb.cgi?p=fuse/fuse%3Ba=commit%3Bh=cbd3a2a84068aae6e3fe32939d88470d712dbf47"}, {"name": "[oss-security] 20110208 Re: CVE request: fuse", "tags": ["mailing-list", "x_refsource_MLIST", "x_transferred"], "url": "http://www.openwall.com/lists/oss-security/2011/02/08/4"}]}]}, "cveMetadata": {"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "assignerShortName": "redhat", "cveId": "CVE-2011-0543", "datePublished": "2011-09-02T23:00:00", "dateReserved": "2011-01-20T00:00:00", "dateUpdated": "2024-08-06T21:58:24.991Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:fuse:fuse:*:*:*:*:*:*:*:*", "matchCriteriaId": "DE7C6543-6BB7-43AE-8021-13939D2EACF4", "versionEndIncluding": "2.8.5", "vulnerable": true}, {"criteria": "cpe:2.3:a:fuse:fuse:1.9:*:*:*:*:*:*:*", "matchCriteriaId": "55969766-1B53-4987-BED1-69210D870159", "vulnerable": true}, {"criteria": "cpe:2.3:a:fuse:fuse:2.0:pre0:*:*:*:*:*:*", "matchCriteriaId": "975404B1-A1D7-498E-BCAF-27F6F0C6D6DB", "vulnerable": true}, {"criteria": "cpe:2.3:a:fuse:fuse:2.0:pre1:*:*:*:*:*:*", "matchCriteriaId": "725C66E7-CDE5-447F-A718-1F8E09DBD03B", "vulnerable": true}, {"criteria": "cpe:2.3:a:fuse:fuse:2.1:*:*:*:*:*:*:*", "matchCriteriaId": "D694A371-E110-404C-8A8B-E162BE7CC420", "vulnerable": true}, {"criteria": "cpe:2.3:a:fuse:fuse:2.2:*:*:*:*:*:*:*", "matchCriteriaId": "57EA26ED-6A5B-46FD-B776-56164C2CA2A7", "vulnerable": true}, {"criteria": "cpe:2.3:a:fuse:fuse:2.2.1:*:*:*:*:*:*:*", "matchCriteriaId": "4070A046-AFAF-47E7-8143-950E7113F7D9", "vulnerable": true}, {"criteria": "cpe:2.3:a:fuse:fuse:2.3:pre:*:*:*:*:*:*", "matchCriteriaId": "F58FB896-AC2F-44F6-B225-6B1E8B5D5AAA", "vulnerable": true}, {"criteria": "cpe:2.3:a:fuse:fuse:2.3:rc1:*:*:*:*:*:*", "matchCriteriaId": "046B9EE6-597B-4668-A7E3-3B2E19F2F1F2", "vulnerable": true}, {"criteria": "cpe:2.3:a:fuse:fuse:2.3.0:*:*:*:*:*:*:*", "matchCriteriaId": "7F6E73A6-7598-43D0-85B6-36854D241753", "vulnerable": true}, {"criteria": "cpe:2.3:a:fuse:fuse:2.4.0:*:*:*:*:*:*:*", "matchCriteriaId": "5C84298D-29DA-4E25-872C-C01123DC264B", "vulnerable": true}, {"criteria": "cpe:2.3:a:fuse:fuse:2.4.1:*:*:*:*:*:*:*", "matchCriteriaId": "79145A4A-180B-4A01-9B27-FF41C80C8A2E", "vulnerable": true}, {"criteria": "cpe:2.3:a:fuse:fuse:2.4.2:*:*:*:*:*:*:*", "matchCriteriaId": "B8FB5A17-317D-4FCD-9135-7B6FBFF43122", "vulnerable": true}, {"criteria": "cpe:2.3:a:fuse:fuse:2.5.0:*:*:*:*:*:*:*", "matchCriteriaId": "86127064-585A-491A-9C02-3868293287E9", "vulnerable": true}, {"criteria": "cpe:2.3:a:fuse:fuse:2.5.1:*:*:*:*:*:*:*", "matchCriteriaId": "D9AFE150-9202-478D-B9A5-A06631A7F654", "vulnerable": true}, {"criteria": "cpe:2.3:a:fuse:fuse:2.5.2:*:*:*:*:*:*:*", "matchCriteriaId": "A203B9AA-AC5A-4F97-8B22-FD4CE9A5E9E6", "vulnerable": true}, {"criteria": "cpe:2.3:a:fuse:fuse:2.5.3:*:*:*:*:*:*:*", "matchCriteriaId": "D88FC4B0-D669-4B8C-9F0E-8B40FD269707", "vulnerable": true}, {"criteria": "cpe:2.3:a:fuse:fuse:2.6.0:*:*:*:*:*:*:*", "matchCriteriaId": "C58DA611-5C3C-48B5-9A97-AF61E79C2A11", "vulnerable": true}, {"criteria": "cpe:2.3:a:fuse:fuse:2.6.1:*:*:*:*:*:*:*", "matchCriteriaId": "745A4F8C-CB3C-40CF-9358-89403CDAC064", "vulnerable": true}, {"criteria": "cpe:2.3:a:fuse:fuse:2.6.3:*:*:*:*:*:*:*", "matchCriteriaId": "DA50E0DD-E42D-4A6B-A2D1-5EB5E032A3D5", "vulnerable": true}, {"criteria": "cpe:2.3:a:fuse:fuse:2.6.5:*:*:*:*:*:*:*", "matchCriteriaId": "166EEDD0-41AC-48F6-BB41-2199E07D70C5", "vulnerable": true}, {"criteria": "cpe:2.3:a:fuse:fuse:2.7.0:*:*:*:*:*:*:*", "matchCriteriaId": "55B8E8CD-A4C9-4542-BA8E-6A59352225F4", "vulnerable": true}, {"criteria": "cpe:2.3:a:fuse:fuse:2.7.1:*:*:*:*:*:*:*", "matchCriteriaId": "3168CEE0-DCB6-48DC-B1A1-A7A24E0D4455", "vulnerable": true}, {"criteria": "cpe:2.3:a:fuse:fuse:2.7.2:*:*:*:*:*:*:*", "matchCriteriaId": "553EBB29-A227-428F-A752-BDFB100C954D", "vulnerable": true}, {"criteria": "cpe:2.3:a:fuse:fuse:2.7.3:*:*:*:*:*:*:*", "matchCriteriaId": "55859957-F60A-452F-B41F-1C08ABA073A0", "vulnerable": true}, {"criteria": "cpe:2.3:a:fuse:fuse:2.7.4:*:*:*:*:*:*:*", "matchCriteriaId": "7E20A7A1-54C5-427C-8232-E4E8CCB16AC4", "vulnerable": true}, {"criteria": "cpe:2.3:a:fuse:fuse:2.7.5:*:*:*:*:*:*:*", "matchCriteriaId": "43BCF81C-3331-4298-AA82-EDC61155F60A", "vulnerable": true}, {"criteria": "cpe:2.3:a:fuse:fuse:2.7.6:*:*:*:*:*:*:*", "matchCriteriaId": "7C8B55A7-2466-42AA-A14F-23931BC09904", "vulnerable": true}, {"criteria": "cpe:2.3:a:fuse:fuse:2.8.0:*:*:*:*:*:*:*", "matchCriteriaId": "87529BC7-BE88-4EF6-9B30-01345B1F1EE8", "vulnerable": true}, {"criteria": "cpe:2.3:a:fuse:fuse:2.8.1:*:*:*:*:*:*:*", "matchCriteriaId": "2937E05D-CEEC-4048-9151-575BD71CDD6F", "vulnerable": true}, {"criteria": "cpe:2.3:a:fuse:fuse:2.8.2:*:*:*:*:*:*:*", "matchCriteriaId": "C3DCC2C7-1BC7-43D6-8AE8-717E4D834131", "vulnerable": true}, {"criteria": "cpe:2.3:a:fuse:fuse:2.8.3:*:*:*:*:*:*:*", "matchCriteriaId": "72A18ED3-3322-4DB0-9E68-1952B739A409", "vulnerable": true}, {"criteria": "cpe:2.3:a:fuse:fuse:2.8.4:*:*:*:*:*:*:*", "matchCriteriaId": "CA99C51F-D71E-4B6D-A6BB-A9BD198F8074", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "Certain legacy functionality in fusermount in fuse 2.8.5 and earlier, when util-linux does not support the --no-canonicalize option, allows local users to bypass intended access restrictions and unmount arbitrary directories via a symlink attack."}, {"lang": "es", "value": "Cierta funcionalidad en Fusermount en fuse v2.8.5 y anteriores, cuando util-linux no es compatible con la opci\u00f3n --no-canonicalize, permite a usuarios locales eludir restricciones de acceso y desmontar directorios de su elecci\u00f3n mediante un ataque de enlaces simb\u00f3licos."}], "id": "CVE-2011-0543", "lastModified": "2025-04-11T00:51:21.963", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "LOW", "cvssData": {"accessComplexity": "MEDIUM", "accessVector": "LOCAL", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 3.3, "confidentialityImpact": "NONE", "integrityImpact": "PARTIAL", "vectorString": "AV:L/AC:M/Au:N/C:N/I:P/A:P", "version": "2.0"}, "exploitabilityScore": 3.4, "impactScore": 4.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}]}, "published": "2011-09-02T23:55:02.320", "references": [{"source": "secalert@redhat.com", "url": "http://fuse.git.sourceforge.net/git/gitweb.cgi?p=fuse/fuse%3Ba=commit%3Bh=cbd3a2a84068aae6e3fe32939d88470d712dbf47"}, {"source": "secalert@redhat.com", "url": "http://lists.opensuse.org/opensuse-security-announce/2011-04/msg00000.html"}, {"source": "secalert@redhat.com", "tags": ["Patch"], "url": "http://www.openwall.com/lists/oss-security/2011/02/02/2"}, {"source": "secalert@redhat.com", "tags": ["Patch"], "url": "http://www.openwall.com/lists/oss-security/2011/02/03/5"}, {"source": "secalert@redhat.com", "tags": ["Patch"], "url": "http://www.openwall.com/lists/oss-security/2011/02/08/4"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://fuse.git.sourceforge.net/git/gitweb.cgi?p=fuse/fuse%3Ba=commit%3Bh=cbd3a2a84068aae6e3fe32939d88470d712dbf47"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://lists.opensuse.org/opensuse-security-announce/2011-04/msg00000.html"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Patch"], "url": "http://www.openwall.com/lists/oss-security/2011/02/02/2"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Patch"], "url": "http://www.openwall.com/lists/oss-security/2011/02/03/5"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Patch"], "url": "http://www.openwall.com/lists/oss-security/2011/02/08/4"}], "sourceIdentifier": "secalert@redhat.com", "vulnStatus": "Deferred", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-264"}], "source": "nvd@nist.gov", "type": "Primary"}]}

{"affected_release": [{"advisory": "RHSA-2011:1083", "cpe": "cpe:/o:redhat:enterprise_linux:6", "package": "fuse-0:2.8.3-3.el6_1", "product_name": "Red Hat Enterprise Linux 6", "release_date": "2011-07-20T00:00:00Z"}], "bugzilla": {"description": "fuse: unprivileged user can unmount arbitrary locations via symlink attack", "id": "651183", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=651183"}, "csaw": false, "cvss": {"cvss_base_score": "2.6", "cvss_scoring_vector": "AV:L/AC:H/Au:N/C:N/I:P/A:P", "status": "verified"}, "details": ["Certain legacy functionality in fusermount in fuse 2.8.5 and earlier, when util-linux does not support the --no-canonicalize option, allows local users to bypass intended access restrictions and unmount arbitrary directories via a symlink attack."], "name": "CVE-2011-0543", "package_state": [{"cpe": "cpe:/o:redhat:enterprise_linux:5", "fix_state": "Will not fix", "package_name": "fuse", "product_name": "Red Hat Enterprise Linux 5"}, {"cpe": "cpe:/o:redhat:enterprise_linux:5", "fix_state": "Will not fix", "package_name": "util-linux", "product_name": "Red Hat Enterprise Linux 5"}, {"cpe": "cpe:/o:redhat:enterprise_linux:6", "fix_state": "Affected", "package_name": "util-linux-ng", "product_name": "Red Hat Enterprise Linux 6"}], "public_date": "2010-11-02T00:00:00Z", "references": ["https://www.cve.org/CVERecord?id=CVE-2011-0543\nhttps://nvd.nist.gov/vuln/detail/CVE-2011-0543"], "statement": "The Red Hat Security Response Team has rated this issue as having low security impact. On Red Hat Enterprise Linux 5 and 6, a user must be a member of the 'fuse' group in order to use FUSE. Due to the risks associated with fixing this bug on Red Hat Enterprise Linux 5, and because of the group restrictions in place, we currently have no plans to fix this flaw in Red Hat Enterprise Linux 5.", "threat_severity": "Low"}

{}