CVE Vulnerabilities

CVE-2016-1233

Published: Jan 26, 2016 | Modified: Feb 01, 2016
CVSS 3.x
7.8
HIGH
Source:
NVD
CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
CVSS 2.x
7.2 HIGH
AV:L/AC:L/Au:N/C:C/I:C/A:C
RedHat/V2
6 MODERATE
AV:L/AC:H/Au:S/C:C/I:C/A:C
RedHat/V3
Ubuntu
MEDIUM

An unspecified udev rule in the Debian fuse package in jessie before 2.9.3-15+deb8u2, in stretch before 2.9.5-1, and in sid before 2.9.5-1 sets world-writable permissions for the /dev/cuse character device, which allows local users to gain privileges via a character device in /dev, related to an ioctl.

Affected Software

Name Vendor Start Version End Version
Fuse Debian * 2.9.3-14 (including)

References