[Forgot Password]
Login  Register Subscribe

30389

 
 

423868

 
 

244411

 
 

909

 
 

193363

 
 

277

Paid content will be excluded from the download.


Download | Alert*
CVE
view JSON

CVE-2015-3202Date: (C)2015-06-20   (M)2023-12-22


fusermount in FUSE before 2.9.3-15 does not properly clear the environment before invoking (1) mount or (2) umount as root, which allows local users to write to arbitrary files via a crafted LIBMOUNT_MTAB environment variable that is used by mount's debugging feature.

CVSS Score and Metrics +CVSS Score and Metrics -

CVSS V2 Severity:
CVSS Score : 3.6
Exploit Score: 3.9
Impact Score: 4.9
 
CVSS V2 Metrics:
Access Vector: LOCAL
Access Complexity: LOW
Authentication: NONE
Confidentiality: NONE
Integrity: PARTIAL
Availability: PARTIAL
  
Reference:
SECTRACK-1032386
EXPLOIT-DB-37089
BID-74765
DSA-3266
DSA-3268
FEDORA-2015-8751
FEDORA-2015-8756
FEDORA-2015-8771
FEDORA-2015-8773
FEDORA-2015-8777
FEDORA-2015-8782
GLSA-201603-04
GLSA-201701-19
USN-2617-1
USN-2617-2
USN-2617-3
http://www.openwall.com/lists/oss-security/2015/05/21/9
http://packetstormsecurity.com/files/132021/Fuse-Local-Privilege-Escalation.html
https://gist.github.com/taviso/ecb70eb12d461dd85cba
https://twitter.com/taviso/status/601370527437967360
openSUSE-SU-2015:0997
openSUSE-SU-2015:1003

CPE    1
cpe:/o:debian:debian_linux:8.0
CWE    1
CWE-264
OVAL    15
oval:org.secpod.oval:def:602108
oval:org.secpod.oval:def:109109
oval:org.secpod.oval:def:602113
oval:org.secpod.oval:def:52486
...

© SecPod Technologies