CVE Vulnerabilities

CVE-2015-3202

Published: Jul 02, 2015 | Modified: Nov 21, 2024
CVSS 3.x
N/A
Source:
NVD
CVSS 2.x
3.6 LOW
AV:L/AC:L/Au:N/C:N/I:P/A:P
RedHat/V2
7.2 IMPORTANT
AV:L/AC:L/Au:N/C:C/I:C/A:C
RedHat/V3
Ubuntu
HIGH

fusermount in FUSE before 2.9.3-15 does not properly clear the environment before invoking (1) mount or (2) umount as root, which allows local users to write to arbitrary files via a crafted LIBMOUNT_MTAB environment variable that is used by mounts debugging feature.

Affected Software

Name Vendor Start Version End Version
Debian_linux Debian 8.0 (including) 8.0 (including)
Fuse Ubuntu devel *
Fuse Ubuntu precise *
Fuse Ubuntu trusty *
Fuse Ubuntu utopic *
Fuse Ubuntu vivid *
Ntfs-3g Ubuntu devel *
Ntfs-3g Ubuntu vivid *

References