[SECURITY] [DSA 3266-1] fuse security update

Published: 2015-05-21 17:27:43
Source: lists.debian.org

CVSS2: 3.6 (AV:L/AC:L/Au:N/C:N/I:P/A:P)
  Attack Vector: LOCAL
  Attack Complexity: LOW
  Authentication: NONE
  Confidentiality Impact: NONE
  Integrity Impact: PARTIAL
  Availability Impact: PARTIAL
AI Score: 5.7 (Confidence: Low)
EPSS: 0 (Percentile: 0.4%)


Debian Security Advisory DSA-3266-1                   [email protected]
http://www.debian.org/security/                      Salvatore Bonaccorso
May 21, 2015                           http://www.debian.org/security/faq


Package : fuse
CVE ID : CVE-2015-3202

Tavis Ormandy discovered that FUSE, a Filesystem in USErspace, does not
scrub the environment before executing mount or umount with elevated
privileges. A local user can take advantage of this flaw to overwrite
arbitrary files and gain elevated privileges by accessing debugging
features via the environment that would not normally be safe for
unprivileged users.

For the oldstable distribution (wheezy), this problem has been fixed
in version 2.9.0-2+deb7u2.

For the stable distribution (jessie), this problem has been fixed in
version 2.9.3-15+deb8u1.

For the testing distribution (stretch) and the unstable distribution
(sid), this problem will be fixed soon.

We recommend that you upgrade your fuse packages.

Further information about Debian Security Advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://www.debian.org/security/

Mailing list: [email protected]
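
The flaw class described in the advisory (a privileged helper executing mount or umount with the caller's environment) is avoided by passing the child a fixed, minimal environment. The sketch below is an added example, not code from the advisory or from the FUSE project; the variable name DEMO_DEBUG_LOG, the PATH value and the use of /bin/sh as a stand-in for mount are assumptions.

```c
#include <stdio.h>
#include <stdlib.h>
#include <sys/types.h>
#include <sys/wait.h>
#include <unistd.h>

extern char **environ;

/* Fixed, minimal environment for the privileged child (assumed value). */
static char *const clean_env[] = { "PATH=/usr/sbin:/usr/bin:/sbin:/bin", NULL };

/* Exec argv[0] with the caller's environment (scrub == 0) or clean_env
 * (scrub != 0). Returns the child's exit status, or -1 on error. */
int run_helper(char *const argv[], int scrub)
{
    int status;
    pid_t pid = fork();
    if (pid < 0)
        return -1;
    if (pid == 0) {
        execve(argv[0], argv, scrub ? clean_env : environ);
        _exit(127);                     /* exec failed */
    }
    if (waitpid(pid, &status, 0) < 0)
        return -1;
    return WIFEXITED(status) ? WEXITSTATUS(status) : -1;
}

/* Returns 1 if a child started via run_helper() can see variable `name`,
 * 0 if it cannot, -1 on error. /bin/sh stands in for mount/umount here. */
int child_sees_var(const char *name, int scrub)
{
    char script[128];
    snprintf(script, sizeof script, "[ -n \"${%s+set}\" ]", name);
    char *const argv[] = { "/bin/sh", "-c", script, NULL };
    int rc = run_helper(argv, scrub);
    return rc == 0 ? 1 : rc == 1 ? 0 : -1;
}

int main(void)
{
    /* Constructed, hypothetical variable set by an unprivileged caller. */
    setenv("DEMO_DEBUG_LOG", "/tmp/demo.log", 1);
    printf("inherited environ: child sees it = %d\n",
           child_sees_var("DEMO_DEBUG_LOG", 0));
    printf("scrubbed environ:  child sees it = %d\n",
           child_sees_var("DEMO_DEBUG_LOG", 1));
    return 0;
}
```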
