Published: 02/07/2015 Updated: 01/07/2017

CVSS v2 Base Score: 3.6 | Impact Score: 4.9 | Exploitability Score: 3.9

VMScore: 365

Vector: AV:L/AC:L/Au:N/C:N/I:P/A:P

fusermount in FUSE prior to 2.9.3-15 does not properly clear the environment before invoking (1) mount or (2) umount as root, which allows local users to write to arbitrary files via a crafted LIBMOUNT_MTAB environment variable that is used by mount's debugging feature.

Vulnerable Product	Search on Vulmon	Subscribe to Product
debian debian linux 8.0
fuse project fuse

Debian Bug report logs - #786439 fuse: CVE-2015-3202 Package: src:fuse; Maintainer for src:fuse is Laszlo Boszormenyi (GCS) <gcs@debianorg>; Reported by: Salvatore Bonaccorso <carnil@debianorg> Date: Thu, 21 May 2015 17:39:07 UTC Severity: grave Tags: security, upstream Found in versions fuse/290-1, fuse/284-1 ...

NTFS-3G could be made to overwrite files as the administrator ...

FUSE could be made to overwrite files as the administrator ...

Tavis Ormandy discovered that NTFS-3G, a read-write NTFS driver for FUSE, does not scrub the environment before executing mount or umount with elevated privileges A local user can take advantage of this flaw to overwrite arbitrary files and gain elevated privileges by accessing debugging features via the environment that would not normally be safe ...

Tavis Ormandy discovered that FUSE, a Filesystem in USErspace, does not scrub the environment before executing mount or umount with elevated privileges A local user can take advantage of this flaw to overwrite arbitrary files and gain elevated privileges by accessing debugging features via the environment that would not normally be safe for unpriv ...

It was discovered that fusermount failed to properly sanitize its environment before executing mount and umount commands A local user could possibly use this flaw to escalate their privileges on the system ...

Source: gistgithubcom/taviso/ecb70eb12d461dd85cba Tweet: twittercom/taviso/status/601370527437967360 Recommend Reading: seclistsorg/oss-sec/2015/q2/520 YouTube: wwwyoutubecom/watch?v=V0i3uJJPJ88 # Making a demo exploit for CVE-2015-3202 on Ubuntu fit in a tweet 123456789012345678901234567890123456789012345 ...

Fuse (fusermount) suffers from a local privilege escalation vulnerability This is a proof of concept for Ubuntu ...

CWE-264 https://twitter.com/taviso/status/601370527437967360 http://www.securityfocus.com/bid/74765 https://gist.github.com/taviso/ecb70eb12d461dd85cba http://www.debian.org/security/2015/dsa-3266 http://www.openwall.com/lists/oss-security/2015/05/21/9 http://lists.fedoraproject.org/pipermail/package-announce/2015-June/159831.html http://lists.fedoraproject.org/pipermail/package-announce/2015-June/160094.html http://packetstormsecurity.com/files/132021/Fuse-Local-Privilege-Escalation.html http://www.securitytracker.com/id/1032386 http://lists.fedoraproject.org/pipermail/package-announce/2015-June/159543.html https://www.exploit-db.com/exploits/37089/http://www.ubuntu.com/usn/USN-2617-3 https://security.gentoo.org/glsa/201603-04 http://lists.fedoraproject.org/pipermail/package-announce/2015-June/159683.html http://www.ubuntu.com/usn/USN-2617-1 http://lists.fedoraproject.org/pipermail/package-announce/2015-June/160106.html http://lists.fedoraproject.org/pipermail/package-announce/2015-June/159298.html http://www.ubuntu.com/usn/USN-2617-2 http://www.debian.org/security/2015/dsa-3268 http://lists.opensuse.org/opensuse-updates/2015-06/msg00007.html http://lists.opensuse.org/opensuse-updates/2015-06/msg00005.html https://security.gentoo.org/glsa/201701-19 https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=786439 https://nvd.nist.gov https://usn.ubuntu.com/2617-3/https://www.exploit-db.com/exploits/37089/

CVE-2015-3202

Vulnerability Summary

Vendor Advisories

Exploits

References

Vulmon Search

About

Products

Connect