CVE-2015-3202

  1. OpenCVE
  2. Vulnerabilities (CVE)
  3. CVE-2015-3202
fusermount in FUSE before 2.9.3-15 does not properly clear the environment before invoking (1) mount or (2) umount as root, which allows local users to write to arbitrary files via a crafted LIBMOUNT_MTAB environment variable that is used by mount's debugging feature.

3.6 /10

CVSS v2.0 : LOW

V2 Legend

Vector : AV:L/AC:L/Au:N/C:N/I:P/A:P

Exploitability : 3.9 / Impact : 4.9

Access Vector LOCAL

Access Complexity LOW

Authentication NONE

Confidentiality Impact NONE

Integrity Impact PARTIAL

Availability Impact PARTIAL

References
Link Resource
http://lists.fedoraproject.org/pipermail/package-announce/2015-June/159298.html
http://lists.fedoraproject.org/pipermail/package-announce/2015-June/159543.html
http://lists.fedoraproject.org/pipermail/package-announce/2015-June/159683.html
http://lists.fedoraproject.org/pipermail/package-announce/2015-June/159831.html
http://lists.fedoraproject.org/pipermail/package-announce/2015-June/160094.html
http://lists.fedoraproject.org/pipermail/package-announce/2015-June/160106.html
http://lists.opensuse.org/opensuse-updates/2015-06/msg00005.html
http://lists.opensuse.org/opensuse-updates/2015-06/msg00007.html
http://packetstormsecurity.com/files/132021/Fuse-Local-Privilege-Escalation.html
http://www.debian.org/security/2015/dsa-3266
http://www.debian.org/security/2015/dsa-3268
http://www.openwall.com/lists/oss-security/2015/05/21/9 Exploit
http://www.securityfocus.com/bid/74765
http://www.securitytracker.com/id/1032386
http://www.ubuntu.com/usn/USN-2617-1
http://www.ubuntu.com/usn/USN-2617-2
http://www.ubuntu.com/usn/USN-2617-3
https://gist.github.com/taviso/ecb70eb12d461dd85cba Exploit
https://security.gentoo.org/glsa/201603-04
https://security.gentoo.org/glsa/201701-19
https://twitter.com/taviso/status/601370527437967360
https://www.exploit-db.com/exploits/37089/
http://lists.fedoraproject.org/pipermail/package-announce/2015-June/159298.html
http://lists.fedoraproject.org/pipermail/package-announce/2015-June/159543.html
http://lists.fedoraproject.org/pipermail/package-announce/2015-June/159683.html
http://lists.fedoraproject.org/pipermail/package-announce/2015-June/159831.html
http://lists.fedoraproject.org/pipermail/package-announce/2015-June/160094.html
http://lists.fedoraproject.org/pipermail/package-announce/2015-June/160106.html
http://lists.opensuse.org/opensuse-updates/2015-06/msg00005.html
http://lists.opensuse.org/opensuse-updates/2015-06/msg00007.html
http://packetstormsecurity.com/files/132021/Fuse-Local-Privilege-Escalation.html
http://www.debian.org/security/2015/dsa-3266
http://www.debian.org/security/2015/dsa-3268
http://www.openwall.com/lists/oss-security/2015/05/21/9 Exploit
http://www.securityfocus.com/bid/74765
http://www.securitytracker.com/id/1032386
http://www.ubuntu.com/usn/USN-2617-1
http://www.ubuntu.com/usn/USN-2617-2
http://www.ubuntu.com/usn/USN-2617-3
https://gist.github.com/taviso/ecb70eb12d461dd85cba Exploit
https://security.gentoo.org/glsa/201603-04
https://security.gentoo.org/glsa/201701-19
https://twitter.com/taviso/status/601370527437967360
https://www.exploit-db.com/exploits/37089/
Configurations

Configuration 1 (hide)

cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*

Configuration 2 (hide)

cpe:2.3:a:fuse_project:fuse:*:*:*:*:*:*:*:*
History

21 Nov 2024, 02:28

Type Values Removed Values Added
References () http://lists.fedoraproject.org/pipermail/package-announce/2015-June/159298.html - () http://lists.fedoraproject.org/pipermail/package-announce/2015-June/159298.html -
References () http://lists.fedoraproject.org/pipermail/package-announce/2015-June/159543.html - () http://lists.fedoraproject.org/pipermail/package-announce/2015-June/159543.html -
References () http://lists.fedoraproject.org/pipermail/package-announce/2015-June/159683.html - () http://lists.fedoraproject.org/pipermail/package-announce/2015-June/159683.html -
References () http://lists.fedoraproject.org/pipermail/package-announce/2015-June/159831.html - () http://lists.fedoraproject.org/pipermail/package-announce/2015-June/159831.html -
References () http://lists.fedoraproject.org/pipermail/package-announce/2015-June/160094.html - () http://lists.fedoraproject.org/pipermail/package-announce/2015-June/160094.html -
References () http://lists.fedoraproject.org/pipermail/package-announce/2015-June/160106.html - () http://lists.fedoraproject.org/pipermail/package-announce/2015-June/160106.html -
References () http://lists.opensuse.org/opensuse-updates/2015-06/msg00005.html - () http://lists.opensuse.org/opensuse-updates/2015-06/msg00005.html -
References () http://lists.opensuse.org/opensuse-updates/2015-06/msg00007.html - () http://lists.opensuse.org/opensuse-updates/2015-06/msg00007.html -
References () http://packetstormsecurity.com/files/132021/Fuse-Local-Privilege-Escalation.html - () http://packetstormsecurity.com/files/132021/Fuse-Local-Privilege-Escalation.html -
References () http://www.debian.org/security/2015/dsa-3266 - () http://www.debian.org/security/2015/dsa-3266 -
References () http://www.debian.org/security/2015/dsa-3268 - () http://www.debian.org/security/2015/dsa-3268 -
References () http://www.openwall.com/lists/oss-security/2015/05/21/9 - Exploit () http://www.openwall.com/lists/oss-security/2015/05/21/9 - Exploit
References () http://www.securityfocus.com/bid/74765 - () http://www.securityfocus.com/bid/74765 -
References () http://www.securitytracker.com/id/1032386 - () http://www.securitytracker.com/id/1032386 -
References () http://www.ubuntu.com/usn/USN-2617-1 - () http://www.ubuntu.com/usn/USN-2617-1 -
References () http://www.ubuntu.com/usn/USN-2617-2 - () http://www.ubuntu.com/usn/USN-2617-2 -
References () http://www.ubuntu.com/usn/USN-2617-3 - () http://www.ubuntu.com/usn/USN-2617-3 -
References () https://gist.github.com/taviso/ecb70eb12d461dd85cba - Exploit () https://gist.github.com/taviso/ecb70eb12d461dd85cba - Exploit
References () https://security.gentoo.org/glsa/201603-04 - () https://security.gentoo.org/glsa/201603-04 -
References () https://security.gentoo.org/glsa/201701-19 - () https://security.gentoo.org/glsa/201701-19 -
References () https://twitter.com/taviso/status/601370527437967360 - () https://twitter.com/taviso/status/601370527437967360 -
References () https://www.exploit-db.com/exploits/37089/ - () https://www.exploit-db.com/exploits/37089/ -
Information

Published : 2015-07-02 21:59

Updated : 2024-11-21 02:28

NVD link : CVE-2015-3202

Mitre link : CVE-2015-3202

CVE.ORG link : CVE-2015-3202

JSON object : View

Products Affected

fuse_project

  • fuse

debian

  • debian_linux
CWE
CWE-264

Permissions, Privileges, and Access Controls


NetmanageIT Website NetmanageIT OSINT Web NetmanageIT OpenCTI NetmanageIT PDF Tools NetmanageIT CTO Corner Blog NetmanageIT Email Header Analyzer NetmanageIT Password Pusher NetmanageIT Internet Health and Latency Dashboard NetmanageIT Dedicated Speed Test Site NetmanageIT Ubuntu Mirror 10Gbps Copyright OpenCVE 2024