Published: 26/01/2016 Updated: 01/02/2016

CVSS v2 Base Score: 7.2 | Impact Score: 10 | Exploitability Score: 3.9

CVSS v3 Base Score: 7.8 | Impact Score: 5.9 | Exploitability Score: 1.8

VMScore: 641

Vector: AV:L/AC:L/Au:N/C:C/I:C/A:C

An unspecified udev rule in the Debian fuse package in jessie prior to 2.9.3-15+deb8u2, in stretch prior to 2.9.5-1, and in sid prior to 2.9.5-1 sets world-writable permissions for the /dev/cuse character device, which allows local users to gain privileges via a character device in /dev, related to an ioctl.

Vulnerable Product	Search on Vulmon	Subscribe to Product
debian fuse

Jann Horn discovered a vulnerability in the fuse (Filesystem in Userspace) package in Debian The fuse package ships an udev rule adjusting permissions on the related /dev/cuse character device, making it world writable This permits a local, unprivileged attacker to create an arbitrarily-named character device in /dev and modify the memory of any ...

An unspecified udev rule in the Debian fuse package in jessie before 293-15+deb8u2, in stretch before 295-1, and in sid before 295-1 sets world-writable permissions for the /dev/cuse character device, which allows local users to gain privileges via a character device in /dev, related to an ioctl ...

CWE-264 http://www.debian.org/security/2016/dsa-3451 https://nvd.nist.gov https://www.debian.org/security/./dsa-3451

Get Started

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

Home Recent Vulnerabilities Research Posts Trends Blog About Contact

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Twitter Reddit Linkedin Facebook

CVE-2016-1233

Vulnerability Summary

Vendor Advisories

References

Vulmon Search

About

Products

Connect