CVE-2010-0789

NameCVE-2010-0789
Descriptionfusermount in FUSE before 2.7.5, and 2.8.x before 2.8.2, allows local users to unmount an arbitrary FUSE filesystem share via a symlink attack on a mountpoint.
SourceCVE (at NVD; CERT, LWN, oss-sec, fulldisc, Red Hat, Ubuntu, Gentoo, SUSE bugzilla/CVE, GitHub advisories/code/issues, web search, more)
ReferencesDSA-1989-1
Debian Bugs567633

Vulnerable and fixed packages

The table below lists information on source packages.

Source PackageReleaseVersionStatus
fuse (PTS)jessie, jessie (lts)2.9.3-15+deb8u3fixed
stretch2.9.7-1+deb9u2fixed
stretch (security), stretch (lts)2.9.7-1+deb9u1fixed
buster2.9.9-1+deb10u1fixed
bullseye2.9.9-5fixed
bookworm2.9.9-6fixed
sid, trixie2.9.9-9fixed

The information below is based on the following data on fixed versions.

PackageTypeReleaseFixed VersionUrgencyOriginDebian Bugs
fusesourceetch2.5.3-4.4+etch1DSA-1989-1
fusesourcelenny2.7.4-1.1+lenny1DSA-1989-1
fusesource(unstable)2.8.1-1.2567633

Notes

Initial DSA released as CVE-2009-3297
Search for package or bug name: Reporting problems