CVE-2005-1858
CVSS2.1
发布时间 :2005-06-03 00:00:00
修订时间 :2008-09-05 16:50:16
NMCOPS    

[原文]FUSE 2.x before 2.3.0 does not properly clear previously used memory from unfilled pages when the filesystem returns a short byte count to a read request, which may allow local users to obtain sensitive information.


[CNNVD]FUSE 本地信息泄露漏洞(CNNVD-200506-033)

        FUSE 2.3.0之前的2.x版本中,在文件系统对读请求返回一个短整型字节数时,无法从未满页面中正确清除以前使用过的内存,本地用户就可能利用此漏洞获得敏感信息。

- CVSS (基础分值)

CVSS分值: 2.1 [轻微(LOW)]
机密性影响: PARTIAL [很可能造成信息泄露]
完整性影响: NONE [不会对系统完整性产生影响]
可用性影响: NONE [对系统可用性无影响]
攻击复杂度: LOW [漏洞利用没有访问限制 ]
攻击向量: LOCAL [漏洞利用需要具有物理访问权限或本地帐户]
身份认证: NONE [漏洞利用无需身份认证]

- CPE (受影响的平台与产品)

cpe:/a:fuse:fuse:2.2
cpe:/a:fuse:fuse:2.2.1
cpe:/a:fuse:fuse:2.3_pre
cpe:/a:fuse:fuse:2.3_rc1

- OVAL (用于检测的技术细节)

未找到相关OVAL定义

- 官方数据库链接

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-1858
(官方数据源) MITRE
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2005-1858
(官方数据源) NVD
http://www.cnnvd.org.cn/vulnerability/show/cv_cnnvdid/CNNVD-200506-033
(官方数据源) CNNVD

- 其它链接及资源

http://secunia.com/advisories/15561/
(VENDOR_ADVISORY)  SECUNIA  15561
http://www.sven-tantau.de/public_files/fuse/fuse_20050603.txt
(VENDOR_ADVISORY)  MISC  http://www.sven-tantau.de/public_files/fuse/fuse_20050603.txt
http://www.securityfocus.com/bid/13857
(UNKNOWN)  BID  13857
http://www.osvdb.org/17042
(VENDOR_ADVISORY)  OSVDB  17042
http://sourceforge.net/project/shownotes.php?release_id=331884
(VENDOR_ADVISORY)  CONFIRM  http://sourceforge.net/project/shownotes.php?release_id=331884
http://bugs.debian.org/311634
(VENDOR_ADVISORY)  CONFIRM  http://bugs.debian.org/311634
http://www.debian.org/security/2005/dsa-744
(UNKNOWN)  DEBIAN  DSA-744
http://securitytracker.com/id?1014107
(UNKNOWN)  SECTRACK  1014107
http://secunia.com/advisories/16024
(UNKNOWN)  SECUNIA  16024

- 漏洞信息

FUSE 本地信息泄露漏洞
低危 设计错误
2005-06-03 00:00:00 2005-10-20 00:00:00
本地  
        FUSE 2.3.0之前的2.x版本中,在文件系统对读请求返回一个短整型字节数时,无法从未满页面中正确清除以前使用过的内存,本地用户就可能利用此漏洞获得敏感信息。

- 公告与补丁

        目前厂商已经发布了升级补丁以修复这个安全问题,补丁下载链接:
        Miklos Szeredi FUSE 2.2
        Miklos Szeredi fuse-2.3.0.tar.gz
        http://prdownloads.sourceforge.net/fuse/fuse-2.3.0.tar.gz?download
        Miklos Szeredi FUSE 2.2.1
        Debian fuse-source_2.2.1-4sarge2_all.deb
        Debian GNU/Linux 3.1 alias sarge
        http://security.debian.org/pool/updates/main/f/fuse/fuse-source_2.2.1- 4sarge2_all.deb
        Debian fuse-utils_2.2.1-4sarge2_alpha.deb
        Debian GNU/Linux 3.1 alias sarge
        http://security.debian.org/pool/updates/main/f/fuse/fuse-utils_2.2.1-4 sarge2_alpha.deb
        Debian fuse-utils_2.2.1-4sarge2_amd64.deb
        Debian GNU/Linux 3.1 alias sarge
        http://security.debian.org/pool/updates/main/f/fuse/fuse-utils_2.2.1-4 sarge2_amd64.deb
        Debian fuse-utils_2.2.1-4sarge2_arm.deb
        Debian GNU/Linux 3.1 alias sarge
        http://security.debian.org/pool/updates/main/f/fuse/fuse-utils_2.2.1-4 sarge2_arm.deb
        Debian fuse-utils_2.2.1-4sarge2_hppa.deb
        Debian GNU/Linux 3.1 alias sarge
        http://security.debian.org/pool/updates/main/f/fuse/fuse-utils_2.2.1-4 sarge2_hppa.deb
        Debian fuse-utils_2.2.1-4sarge2_i386.deb
        Debian GNU/Linux 3.1 alias sarge
        http://security.debian.org/pool/updates/main/f/fuse/fuse-utils_2.2.1-4 sarge2_i386.deb
        Debian fuse-utils_2.2.1-4sarge2_ia64.deb
        Debian GNU/Linux 3.1 alias sarge
        http://security.debian.org/pool/updates/main/f/fuse/fuse-utils_2.2.1-4 sarge2_ia64.deb
        Debian fuse-utils_2.2.1-4sarge2_m68k.deb
        Debian GNU/Linux 3.1 alias sarge
        http://security.debian.org/pool/updates/main/f/fuse/fuse-utils_2.2.1-4 sarge2_m68k.deb
        Debian fuse-utils_2.2.1-4sarge2_mips.deb
        Debian GNU/Linux 3.1 alias sarge
        http://security.debian.org/pool/updates/main/f/fuse/fuse-utils_2.2.1-4 sarge2_mips.deb
        Debian fuse-utils_2.2.1-4sarge2_mipsel.deb
        Debian GNU/Linux 3.1 alias sarge
        http://security.debian.org/pool/updates/main/f/fuse/fuse-utils_2.2.1-4 sarge2_mipsel.deb
        Debian fuse-utils_2.2.1-4sarge2_powerpc.deb
        Debian GNU/Linux 3.1 alias sarge
        http://security.debian.org/pool/updates/main/f/fuse/fuse-utils_2.2.1-4 sarge2_powerpc.deb
        Debian fuse-utils_2.2.1-4sarge2_s390.deb
        Debian GNU/Linux 3.1 alias sarge
        http://security.debian.org/pool/updates/main/f/fuse/fuse-utils_2.2.1-4 sarge2_s390.deb
        Debian fuse-utils_2.2.1-4sarge2_sparc.deb
        Debian GNU/Linux 3.1 alias sarge
        http://security.debian.org/pool/updates/main/f/fuse/fuse-utils_2.2.1-4 sarge2_sparc.deb
        Debian libfuse-dev_2.2.1-4sarge2_alpha.deb
        Debian GNU/Linux 3.1 alias sarge
        http://security.debian.org/pool/updates/main/f/fuse/libfuse-dev_2.2.1- 4sarge2_alpha.deb
        Debian libfuse-dev_2.2.1-4sarge2_amd64.deb
        Debian GNU/Linux 3.1 alias sarge
        http://security.debian.org/pool/updates/main/f/fuse/libfuse-dev_2.2.1- 4sarge2_amd64.deb
        Debian libfuse-dev_2.2.1-4sarge2_arm.deb
        Debian GNU/Linux 3.1 alias sarge
        http://security.debian.org/pool/updates/main/f/fuse/libfuse-dev_2.2.1- 4sarge2_arm.deb
        Debian libfuse-dev_2.2.1-4sarge2_hppa.deb
        Debian GNU/Linux 3.1 alias sarge
        http://security.debian.org/pool/updates/main/f/fuse/libfuse-dev_2.2.1- 4sarge2_hppa.deb
        Debian libfuse-dev_2.2.1-4sarge2_i386.deb
        Debian GNU/Linux 3.1 alias sarge
        http://security.debian.org/pool/updates/main/f/fuse/libfuse-dev_2.2.1- 4sarge2_i386.deb
        Debian libfuse-dev_2.2.1-4sarge2_ia64.deb
        Debian GNU/Linux 3.1 alias sarge
        http://security.debian.org/pool/updates/main/f/fuse/libfuse-dev_2.2.1- 4sarge2_ia64.deb
        Debian libfuse-dev_2.2.1-4sarge2_m68k.deb
        Debian GNU/Linux 3.1 alias sarge
        http://security.debian.org/pool/updates/main/f/fuse/libfuse-dev_2.2.1- 4sarge2_m68k.deb
        Debian libfuse-dev_2.2.1-4sarge2_mips.deb
        Debian GNU/Linux 3.1 alias sarge
        http://security.debian.org/pool/updates/main/f/fuse/libfuse-dev_2.2.1- 4sarge2_mips.deb
        Debian libfuse-dev_2.2.1-4sarge2_mipsel.deb
        Debian GNU/Linux 3.1 alias sarge
        http://security.debian.org/pool/updates/main/f/fuse/libfuse-dev_2.2.1- 4sarge2_mipsel.deb
        Debian libfuse-dev_2.2.1-4sarge2_powerpc.deb
        Debian GNU/Linux 3.1 alias sarge
        http://security.debian.org/pool/updates/main/f/fuse/libfuse-dev_2.2.1- 4sarge2_powerpc.deb
        Debian libfuse-dev_2.2.1-4sarge2_s390.deb
        Debian GNU/Linux 3.1 alias sarge
        http://security.debian.org/pool/updates/main/f/fuse/libfuse-dev_2.2.1- 4sarge2_s390.deb
        Debian libfuse-dev_2.2.1-4sarge2_sparc.deb
        Debian GNU/Linux 3.1 alias sarge
        http://security.debian.org/pool/updates/main/f/fuse/libfuse-dev_2.2.1- 4sarge2_sparc.deb
        Debian libfuse2_2.2.1-4sarge2_alpha.deb
        Debian GNU/Linux 3.1 alias sarge
        http://security.debian.org/pool/updates/main/f/fuse/libfuse2_2.2.1-4sa rge2_alpha.deb
        Debian libfuse2_2.2.1-4sarge2_amd64.deb
        Debian GNU/Linux 3.1 alias sarge
        http://security.debian.org/pool/updates/main/f/fuse/libfuse2_2.2.1-4sa rge2_amd64.deb
        Debian libfuse2_2.2.1-4sarge2_arm.deb
        Debian GNU/Linux 3.1 alias sarge
        http://security.debian.org/pool/updates/main/f/fuse/libfuse2_2.2.1-4sa rge2_arm.deb
        Debian libfuse2_2.2.1-4sarge2_hppa.deb
        Debian GNU/Linux 3.1 alias sarge
        http://security.debian.org/pool/updates/main/f/fuse/libfuse2_2.2.1-4sa rge2_hppa.deb
        Debian libfuse2_2.2.1-4sarge2_i386.deb
        Debian GNU/Linux 3.1 alias sarge
        http://security.debian.org/pool/updates/main/f/fuse/libfuse2_2.2.1-4sa rge2_i386.deb
        Debian libfuse2_2.2.1-4sarge2_ia64.deb
        Debian GNU/Linux 3.1 alias sarge
        http://security.debian.org/pool/updates/main/f/fuse/libfuse2_2.2.1-4sa rge2_ia64.deb
        Debian libfuse2_2.2.1-4sarge2_m68k.deb
        Debian GNU/Linux 3.1 alias sarge
        http://security.debian.org/pool/updates/main/f/fuse/libfuse2_2.2.1-4sa rge2_m68k.deb
        Debian libfuse2_2.2.1-4sarge2_mips.deb
        Debian GNU/Linux 3.1 alias sarge
        http://security.debian.org/pool/updates/main/f/fuse/libfuse2_2.2.1-4sa rge2_mips.deb
        Debian libfuse2_2.2.1-4sarge2_mipsel.deb
        Debian GNU/Linux 3.1 alias sarge
        http://security.debian.org/pool/updates/main/f/fuse/libfuse2_2.2.1-4sa rge2_mipsel.deb
        Debian libfuse2_2.2.1-4sarge2_powerpc.deb
        Debian GNU/Linux 3.1 alias sarge
        http://security.debian.org/pool/updates/main/f/fuse/libfuse2_2.2.1-4sa rge2_powerpc.deb
        Debian libfuse2_2.2.1-4sarge2_s390.deb
        Debian GNU/Linux 3.1 alias sarge
        http://security.debian.org/pool/updates/main/f/fuse/libfuse2_2.2.1-4sa rge2_s390.deb
        Debian libfuse2_2.2.1-4sarge2_sparc.deb
        Debian GNU/Linux 3.1 alias sarge
        http://security.debian.org/pool/updates/main/f/fuse/libfuse2_2.2.1-4sa rge2_sparc.deb
        Miklos Szeredi fuse-2.3.0.tar.gz
        http://prdownloads.sourceforge.net/fuse/fuse-2.3.0.tar.gz?download
        

- 漏洞信息 (F38568)

Debian Linux Security Advisory 744-1 (PacketStormID:F38568)
2005-07-09 00:00:00
Debian  security.debian.org
advisory,local
linux,debian
CVE-2005-1858
[点击下载]

Debian Security Advisory DSA 744-1 - Sven Tantau discovered a security problem in fuse, a filesystem in userspace, that can be exploited by malicious, local users to disclose potentially sensitive information.

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

- --------------------------------------------------------------------------
Debian Security Advisory DSA 744-1                     security@debian.org
http://www.debian.org/security/                             Martin Schulze
July 8th, 2005                          http://www.debian.org/security/faq
- --------------------------------------------------------------------------

Package        : fuse
Vulnerability  : programming error
Problem-Type   : local
Debian-specific: no
CVE ID         : CAN-2005-1858
BugTraq ID     : 13857
Debian Bug     : 311634

Sven Tantau discovered a security problem in fuse, a filesystem in
userspace, that can be exploited by malicious, local users to disclose
potentially sensitive information.

The old stable distribution (woody) does not contain the fuse package.

For the stable distribution (sarge) this problem has been fixed in
version 2.2.1-4sarge2.

For the unstable distribution (sid) this problem has been fixed in
version 2.3.0-1.

We recommend that you upgrade your fuse package.


Upgrade Instructions
- --------------------

wget url
        will fetch the file for you
dpkg -i file.deb
        will install the referenced file.

If you are using the apt-get package manager, use the line for
sources.list as given below:

apt-get update
        will update the internal database
apt-get upgrade
        will install corrected packages

You may use an automated update by adding the resources from the
footer to the proper configuration.


Debian GNU/Linux 3.1 alias sarge
- --------------------------------

  Source archives:

    http://security.debian.org/pool/updates/main/f/fuse/fuse_2.2.1-4sarge2.dsc
      Size/MD5 checksum:      638 67ad2f1822f0f2d1d35d9fe432f43f33
    http://security.debian.org/pool/updates/main/f/fuse/fuse_2.2.1-4sarge2.diff.gz
      Size/MD5 checksum:    10632 7ce74449f1b13092ba083361d37bf9da
    http://security.debian.org/pool/updates/main/f/fuse/fuse_2.2.1.orig.tar.gz
      Size/MD5 checksum:   355773 250d89b9c7b6ecf531df60c67f75737d

  Architecture independent components:

    http://security.debian.org/pool/updates/main/f/fuse/fuse-source_2.2.1-4sarge2_all.deb
      Size/MD5 checksum:    80392 61b3019908f4082d5d95272c34012f1e

  Alpha architecture:

    http://security.debian.org/pool/updates/main/f/fuse/fuse-utils_2.2.1-4sarge2_alpha.deb
      Size/MD5 checksum:    42434 557b634171e2ba302d8991c046e04024
    http://security.debian.org/pool/updates/main/f/fuse/libfuse-dev_2.2.1-4sarge2_alpha.deb
      Size/MD5 checksum:    63044 812a1046936bd2b2d26c3865f2dfdbf7
    http://security.debian.org/pool/updates/main/f/fuse/libfuse2_2.2.1-4sarge2_alpha.deb
      Size/MD5 checksum:    34752 d4092db02bc55fa1ac11263ba66ad22d

  ARM architecture:

    http://security.debian.org/pool/updates/main/f/fuse/fuse-utils_2.2.1-4sarge2_arm.deb
      Size/MD5 checksum:    39552 83a1291fdb2609775637ff07f60a7b39
    http://security.debian.org/pool/updates/main/f/fuse/libfuse-dev_2.2.1-4sarge2_arm.deb
      Size/MD5 checksum:    55034 3501e04f7e8bde3f2c0b7ee7664fc98f
    http://security.debian.org/pool/updates/main/f/fuse/libfuse2_2.2.1-4sarge2_arm.deb
      Size/MD5 checksum:    31456 788f7e86c0ef907e7555e48629d80f61

  Intel IA-32 architecture:

    http://security.debian.org/pool/updates/main/f/fuse/fuse-utils_2.2.1-4sarge2_i386.deb
      Size/MD5 checksum:    39664 244d168e16596dfc9e0dde78dda3d736
    http://security.debian.org/pool/updates/main/f/fuse/libfuse-dev_2.2.1-4sarge2_i386.deb
      Size/MD5 checksum:    53146 514f9afb17a9ab8c9afca26a561044c2
    http://security.debian.org/pool/updates/main/f/fuse/libfuse2_2.2.1-4sarge2_i386.deb
      Size/MD5 checksum:    32440 f04cf2781881aa0244a0c66980524c04

  Intel IA-64 architecture:

    http://security.debian.org/pool/updates/main/f/fuse/fuse-utils_2.2.1-4sarge2_ia64.deb
      Size/MD5 checksum:    44858 75ee6da77c009b2b232cfce3e80e8655
    http://security.debian.org/pool/updates/main/f/fuse/libfuse-dev_2.2.1-4sarge2_ia64.deb
      Size/MD5 checksum:    65144 0e802cae4fa5df2ca85809fee2686f2d
    http://security.debian.org/pool/updates/main/f/fuse/libfuse2_2.2.1-4sarge2_ia64.deb
      Size/MD5 checksum:    39486 de96b28421b8ae075f746a8bd16128c9

  HP Precision architecture:

    http://security.debian.org/pool/updates/main/f/fuse/fuse-utils_2.2.1-4sarge2_hppa.deb
      Size/MD5 checksum:    41318 f12b30e33da42bd5c3eb32a475ddeb27
    http://security.debian.org/pool/updates/main/f/fuse/libfuse-dev_2.2.1-4sarge2_hppa.deb
      Size/MD5 checksum:    58146 caa618bc31fbe6c8b6ccddeb7ae6e511
    http://security.debian.org/pool/updates/main/f/fuse/libfuse2_2.2.1-4sarge2_hppa.deb
      Size/MD5 checksum:    35080 fa1252556b7383141e75a058c1407651

  Motorola 680x0 architecture:

    http://security.debian.org/pool/updates/main/f/fuse/fuse-utils_2.2.1-4sarge2_m68k.deb
      Size/MD5 checksum:    39276 76c2932cfd2626b0b5faf252b328e929
    http://security.debian.org/pool/updates/main/f/fuse/libfuse-dev_2.2.1-4sarge2_m68k.deb
      Size/MD5 checksum:    51548 ad3c2791ee7a7acf062243b15ff08153
    http://security.debian.org/pool/updates/main/f/fuse/libfuse2_2.2.1-4sarge2_m68k.deb
      Size/MD5 checksum:    31044 b20db10d38ed9afe98923f4c6c21c52d

  Big endian MIPS architecture:

    http://security.debian.org/pool/updates/main/f/fuse/fuse-utils_2.2.1-4sarge2_mips.deb
      Size/MD5 checksum:    41196 9370d9fbece1148d6f4d685cbbb61cad
    http://security.debian.org/pool/updates/main/f/fuse/libfuse-dev_2.2.1-4sarge2_mips.deb
      Size/MD5 checksum:    58642 3318e281bd916437bd6053a4b0f418d7
    http://security.debian.org/pool/updates/main/f/fuse/libfuse2_2.2.1-4sarge2_mips.deb
      Size/MD5 checksum:    32606 931c3d56b3ca58302132c600e3de96a6

  Little endian MIPS architecture:

    http://security.debian.org/pool/updates/main/f/fuse/fuse-utils_2.2.1-4sarge2_mipsel.deb
      Size/MD5 checksum:    41224 cab1757a0eada5400ed9d25ede79a222
    http://security.debian.org/pool/updates/main/f/fuse/libfuse-dev_2.2.1-4sarge2_mipsel.deb
      Size/MD5 checksum:    58670 d419a7e1dcd260ba1ee7ce296ce644fe
    http://security.debian.org/pool/updates/main/f/fuse/libfuse2_2.2.1-4sarge2_mipsel.deb
      Size/MD5 checksum:    32596 fa4bc95dbab734518d9b91b99c1f7943

  PowerPC architecture:

    http://security.debian.org/pool/updates/main/f/fuse/fuse-utils_2.2.1-4sarge2_powerpc.deb
      Size/MD5 checksum:    40554 1470a88faced8bbc1466b3cea0da3131
    http://security.debian.org/pool/updates/main/f/fuse/libfuse-dev_2.2.1-4sarge2_powerpc.deb
      Size/MD5 checksum:    56116 88afed00fea11a4a71845fad6cad7a28
    http://security.debian.org/pool/updates/main/f/fuse/libfuse2_2.2.1-4sarge2_powerpc.deb
      Size/MD5 checksum:    33270 706daf2762f0badf2a534a6260d15515

  IBM S/390 architecture:

    http://security.debian.org/pool/updates/main/f/fuse/fuse-utils_2.2.1-4sarge2_s390.deb
      Size/MD5 checksum:    41052 2d9720667a69b3146f306c5feae242e6
    http://security.debian.org/pool/updates/main/f/fuse/libfuse-dev_2.2.1-4sarge2_s390.deb
      Size/MD5 checksum:    56570 b56dbfee26df133de0ff58727fa613b3
    http://security.debian.org/pool/updates/main/f/fuse/libfuse2_2.2.1-4sarge2_s390.deb
      Size/MD5 checksum:    34620 d4598efa95c23fd87a8dfd0c65824470

  Sun Sparc architecture:

    http://security.debian.org/pool/updates/main/f/fuse/fuse-utils_2.2.1-4sarge2_sparc.deb
      Size/MD5 checksum:    39570 56e453198b7ab517ec9aa5c05a493c81
    http://security.debian.org/pool/updates/main/f/fuse/libfuse-dev_2.2.1-4sarge2_sparc.deb
      Size/MD5 checksum:    53348 396dceda115c3ba29d6fd7589769bb82
    http://security.debian.org/pool/updates/main/f/fuse/libfuse2_2.2.1-4sarge2_sparc.deb
      Size/MD5 checksum:    31424 5c59be00b12c579440951b8b7f2fc87c


  These files will probably be moved into the stable distribution on
  its next update.

- ---------------------------------------------------------------------------------
For apt-get: deb http://security.debian.org/ stable/updates main
For dpkg-ftp: ftp://security.debian.org/debian-security dists/stable/updates/main
Mailing list: debian-security-announce@lists.debian.org
Package info: `apt-cache show <pkg>' and http://packages.debian.org/<pkg>

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.1 (GNU/Linux)

iD8DBQFCzpKCW5ql+IAeqTIRAmAVAJ96uD+4vkmz6Sc495gLxDUIO5yCcACffUAK
n2DxfTqYjsC49zl/qhH1mfo=
=vu1Q
-----END PGP SIGNATURE-----

    

- 漏洞信息

17042
FUSE Malformed Read Request Arbitrary Kernel Memory Disclosure
Vendor Verified

- 漏洞描述

Unknown or Incomplete

- 时间线

2005-06-02 Unknow
Unknow Unknow

- 解决方案

Upgrade to version 2.3.0 or higher, as it has been reported to fix this vulnerability. An upgrade is required as there are no known workarounds.

- 相关参考

- 漏洞作者

Unknown or Incomplete

- 漏洞信息

FUSE Local Information Disclosure Vulnerability
Design Error 13857
No Yes
2005-06-06 12:00:00 2009-07-12 02:56:00
Sven Tantau <sven@sven-tantau.de> is credited with the discovery of this vulnerability.

- 受影响的程序版本

Miklos Szeredi FUSE 2.3 -rc1
Miklos Szeredi FUSE 2.2.1
+ Debian Linux 3.1 sparc
+ Debian Linux 3.1 s/390
+ Debian Linux 3.1 ppc
+ Debian Linux 3.1 mipsel
+ Debian Linux 3.1 mips
+ Debian Linux 3.1 m68k
+ Debian Linux 3.1 ia-64
+ Debian Linux 3.1 ia-32
+ Debian Linux 3.1 hppa
+ Debian Linux 3.1 arm
+ Debian Linux 3.1 amd64
+ Debian Linux 3.1 alpha
+ Debian Linux 3.1
Miklos Szeredi FUSE 2.2
Miklos Szeredi FUSE 2.3 .0

- 不受影响的程序版本

Miklos Szeredi FUSE 2.3 .0

- 漏洞讨论

FUSE is susceptible to a local information disclosure vulnerability. This issue is due to a failure of the kernel module to properly clear used memory prior to its reuse.

This vulnerability allows malicious local users to gain access to potentially sensitive kernel memory, aiding them in further attacks.

FUSE versions 2.2, 2.2.1, 2.3-pre*, and 2.3-rc1, running on Linux kernel versions 2.4, through 2.6 are affected by this issue.

- 漏洞利用

A proof of concept exploit is available:

- 解决方案

The vendor has released version 2.3.0 of FUSE to resolve this issue.

Debian has released advisory DSA 744-1 to address this issue. Please see the referenced advisory for more information.

Debian has released security advisory DSA 773-1 addressing several issues for their AMD64 port of the operating system. Please see the referenced advisory for further information.


Miklos Szeredi FUSE 2.2

Miklos Szeredi FUSE 2.2.1

- 相关参考

 

 

关于SCAP中文社区

SCAP中文社区是国内第一个以SCAP为主题的中文开放社区。了解更多信息,请查阅[关于本站]

版权声明

CVE/CWE/OVAL均为MITRE公司的注册商标,它们的官方数据源均保存在MITRE公司的相关网站