CVE-2015-3202

NONECVSS 0.0

0.0

fusermount in FUSE before 2.9.3-15 does not properly clear the environment before invoking (1) mount or (2) umount as root, which allows local users to write to arbitrary files via a crafted LIBMOUNT_MTAB environment variable that is used by mount's debugging feature.

🔗 References (44)

secalert@redhathttp://lists.fedoraproject.org/pipermail/package-announce/2015-June/159298.html
secalert@redhathttp://lists.fedoraproject.org/pipermail/package-announce/2015-June/159543.html
secalert@redhathttp://lists.fedoraproject.org/pipermail/package-announce/2015-June/159683.html
secalert@redhathttp://lists.fedoraproject.org/pipermail/package-announce/2015-June/159831.html
secalert@redhathttp://lists.fedoraproject.org/pipermail/package-announce/2015-June/160094.html
secalert@redhathttp://lists.fedoraproject.org/pipermail/package-announce/2015-June/160106.html
secalert@redhathttp://lists.opensuse.org/opensuse-updates/2015-06/msg00005.html
secalert@redhathttp://lists.opensuse.org/opensuse-updates/2015-06/msg00007.html
secalert@redhathttp://packetstormsecurity.com/files/132021/Fuse-Local-Privilege-Escalation.html
secalert@redhathttp://www.debian.org/security/2015/dsa-3266
secalert@redhathttp://www.debian.org/security/2015/dsa-3268
secalert@redhathttp://www.openwall.com/lists/oss-security/2015/05/21/9
secalert@redhathttp://www.securityfocus.com/bid/74765
secalert@redhathttp://www.securitytracker.com/id/1032386
secalert@redhathttp://www.ubuntu.com/usn/USN-2617-1

Is Your Infrastructure Affected by CVE-2015-3202?

EchelonGraph automatically scans your cloud infrastructure and maps CVE exposure using blast radius analysis.

Start Free Scan →Browse All CVEs

CVE-2015-3202

📅 Published

🔄 Last Modified

🔗 References (44)

Dependency Blast Radius

Is Your Infrastructure Affected by CVE-2015-3202?