Lucene search

K
amazonAmazonALAS-2015-558
HistoryJul 07, 2015 - 12:33 p.m.

Medium: fuse

2015-07-0712:33:00
alas.aws.amazon.com
11

CVSS2

3.6

Attack Vector

LOCAL

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:L/AC:L/Au:N/C:N/I:P/A:P

EPSS

0

Percentile

0.4%

Issue Overview:

It was discovered that fusermount failed to properly sanitize its environment before executing mount and umount commands. A local user could possibly use this flaw to escalate their privileges on the system.

Affected Packages:

fuse

Issue Correction:
Run yum update fuse to update your system.

New Packages:

i686:  
    fuse-debuginfo-2.9.4-1.17.amzn1.i686  
    fuse-devel-2.9.4-1.17.amzn1.i686  
    fuse-2.9.4-1.17.amzn1.i686  
    fuse-libs-2.9.4-1.17.amzn1.i686  
  
src:  
    fuse-2.9.4-1.17.amzn1.src  
  
x86_64:  
    fuse-devel-2.9.4-1.17.amzn1.x86_64  
    fuse-debuginfo-2.9.4-1.17.amzn1.x86_64  
    fuse-2.9.4-1.17.amzn1.x86_64  
    fuse-libs-2.9.4-1.17.amzn1.x86_64  

Additional References

Red Hat: CVE-2015-3202

Mitre: CVE-2015-3202

CVSS2

3.6

Attack Vector

LOCAL

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:L/AC:L/Au:N/C:N/I:P/A:P

EPSS

0

Percentile

0.4%