Back to search
CVE-2015-3202
Published: Jul 2, 2015
Modified: Aug 6, 2024
PUBLISHED
Description
fusermount in FUSE before 2.9.3-15 does not properly clear the environment before invoking (1) mount or (2) umount as root, which allows local users to write to arbitrary files via a crafted LIBMOUNT_MTAB environment variable that is used by mount's debugging feature.
| Vendor | Product | Versions |
|---|---|---|
n/a | n/a | affected n/a |
References
DSA-3268
vendor-advisory
x_refsource_DEBIAN
USN-2617-1
vendor-advisory
x_refsource_UBUNTU
FEDORA-2015-8771
vendor-advisory
x_refsource_FEDORA
FEDORA-2015-8782
vendor-advisory
x_refsource_FEDORA
FEDORA-2015-8751
vendor-advisory
x_refsource_FEDORA
1032386
vdb-entry
x_refsource_SECTRACK
https://gist.github.com/taviso/ecb70eb12d461dd85cba
x_refsource_MISC
74765
vdb-entry
x_refsource_BID
FEDORA-2015-8773
vendor-advisory
x_refsource_FEDORA
openSUSE-SU-2015:1003
vendor-advisory
x_refsource_SUSE
DSA-3266
vendor-advisory
x_refsource_DEBIAN
GLSA-201603-04
vendor-advisory
x_refsource_GENTOO
USN-2617-2
vendor-advisory
x_refsource_UBUNTU
FEDORA-2015-8777
vendor-advisory
x_refsource_FEDORA
FEDORA-2015-8756
vendor-advisory
x_refsource_FEDORA
GLSA-201701-19
vendor-advisory
x_refsource_GENTOO
[oss-security] 20150521 CVE-2015-3202 fuse privilege escalation
mailing-list
x_refsource_MLIST
openSUSE-SU-2015:0997
vendor-advisory
x_refsource_SUSE
https://twitter.com/taviso/status/601370527437967360
x_refsource_MISC
37089
exploit
x_refsource_EXPLOIT-DB
USN-2617-3
vendor-advisory
x_refsource_UBUNTU
Security Training
Train your team to recognize and prevent security threats with our comprehensive security awareness program.
Start TrainingVulnerability Scanning
Discover vulnerabilities in your applications and infrastructure before attackers do.
Scan Now