{
  "threat_severity" : "Low",
  "public_date" : "2010-01-26T00:00:00Z",
  "bugzilla" : {
    "description" : "fuse: Race condition by umount (fusermount) operations",
    "id" : "577279",
    "url" : "https://bugzilla.redhat.com/show_bug.cgi?id=577279"
  },
  "cvss" : {
    "cvss_base_score" : "1.7",
    "cvss_scoring_vector" : "AV:L/AC:L/Au:S/C:N/I:N/A:P",
    "status" : "draft"
  },
  "details" : [ "fusermount in FUSE before 2.7.5, and 2.8.x before 2.8.2, allows local users to unmount an arbitrary FUSE filesystem share via a symlink attack on a mountpoint." ],
  "statement" : "This issue affects Red Hat Enterprise Linux 5 because it ships fusermount suid root, however the impact of this flaw is minimized due to the fact that only members in group fuse may use it the executable is owned root:fuse and mode 4750.\nRed Hat Enterprise Linux 3 and 4 do not provide the fuse package.\nThe Red Hat Product Security has rated this issue as having low security impact, a future update may address this flaw. More information regarding issue severity can be found here:\nhttps://access.redhat.com/security/updates/classification/",
  "acknowledgement" : "Red Hat would like to thank Dan Rosenberg for reporting this issue.",
  "package_state" : [ {
    "product_name" : "Red Hat Enterprise Linux 5",
    "fix_state" : "Will not fix",
    "package_name" : "fuse",
    "cpe" : "cpe:/o:redhat:enterprise_linux:5"
  }, {
    "product_name" : "Red Hat Enterprise Linux 6",
    "fix_state" : "Not affected",
    "package_name" : "fuse",
    "cpe" : "cpe:/o:redhat:enterprise_linux:6"
  } ],
  "references" : [ "https://www.cve.org/CVERecord?id=CVE-2010-0789\nhttps://nvd.nist.gov/vuln/detail/CVE-2010-0789" ],
  "name" : "CVE-2010-0789",
  "csaw" : false
}