Lucene search

K
cve[email protected]CVE-2015-3202
HistoryJul 02, 2015 - 9:59 p.m.

CVE-2015-3202

2015-07-0221:59:03
CWE-264
web.nvd.nist.gov
73
fusermount
fuse
cve-2015-3202
security vulnerability
local users
arbitrary files

CVSS2

3.6

Attack Vector

LOCAL

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:L/AC:L/Au:N/C:N/I:P/A:P

AI Score

6

Confidence

Low

EPSS

0

Percentile

0.4%

fusermount in FUSE before 2.9.3-15 does not properly clear the environment before invoking (1) mount or (2) umount as root, which allows local users to write to arbitrary files via a crafted LIBMOUNT_MTAB environment variable that is used by mountโ€™s debugging feature.

Affected configurations

NVD
Node
debiandebian_linuxMatch8.0
Node
fuse_projectfuseRangeโ‰ค2.9.2

References

CVSS2

3.6

Attack Vector

LOCAL

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:L/AC:L/Au:N/C:N/I:P/A:P

AI Score

6

Confidence

Low

EPSS

0

Percentile

0.4%