Published: 17/07/2008 Updated: 08/08/2017

CVSS v2 Base Score: 4.6 | Impact Score: 6.4 | Exploitability Score: 3.9

VMScore: 409

Vector: AV:L/AC:L/Au:N/C:P/I:P/A:P

The expand_template function in afuse.c in afuse 0.2 allows local users to gain privileges via shell metacharacters in a pathname.

Vulnerable Product	Search on Vulmon	Subscribe to Product
afuse afuse 0.2

Debian Bug report logs - #490921 CVE-2008-2232: privilege escalation Package: afuse; Maintainer for afuse is Varun Hiremath <varun@debianorg>; Source for afuse is src:afuse (PTS, buildd, popcon) Reported by: Steffen Joeris <steffenjoeris@skolelinuxde> Date: Tue, 15 Jul 2008 11:07:01 UTC Severity: grave Tags: secu ...

Anders Kaseorg discovered that afuse, an automounting file system in user-space, did not properly escape meta characters in paths This allowed a local attacker with read access to the filesystem to execute commands as the owner of the filesystem For the stable distribution (etch), this problem has been fixed in version 011-1+etch1 For the unst ...

CWE-264 http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=490921 http://secunia.com/advisories/31086 http://www.debian.org/security/2008/dsa-1611 http://secunia.com/advisories/31131 http://www.securityfocus.com/bid/30245 http://secunia.com/advisories/36358 https://www.redhat.com/archives/fedora-package-announce/2009-August/msg00921.html https://www.redhat.com/archives/fedora-package-announce/2009-August/msg00947.html https://exchange.xforce.ibmcloud.com/vulnerabilities/43834 https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=490921 https://nvd.nist.gov https://www.debian.org/security/./dsa-1611

CVE-2008-2232

Vulnerability Summary

Vendor Advisories

References

Vulmon Search

About

Products

Connect