Lucene search

K
ubuntucveUbuntu.comUB:CVE-2015-3202
HistoryMay 21, 2015 - 12:00 a.m.

CVE-2015-3202

2015-05-2100:00:00
ubuntu.com
ubuntu.com
11

CVSS2

3.6

Attack Vector

LOCAL

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:L/AC:L/Au:N/C:N/I:P/A:P

EPSS

0

Percentile

0.4%

fusermount in FUSE before 2.9.3-15 does not properly clear the environment
before invoking (1) mount or (2) umount as root, which allows local users
to write to arbitrary files via a crafted LIBMOUNT_MTAB environment
variable that is used by mount’s debugging feature.

Notes

Author Note
mdeslaur ntfs-3g in vivid+ is built with an embedded fuse library instead of the system one original ntfs-3g patch was incomplete
OSVersionArchitecturePackageVersionFilename
ubuntu12.04noarchfuse< 2.8.6-2ubuntu2.1UNKNOWN
ubuntu14.04noarchfuse< 2.9.2-4ubuntu4.14.04.1UNKNOWN
ubuntu14.10noarchfuse< 2.9.2-4ubuntu4.14.10.1UNKNOWN
ubuntu15.04noarchfuse< 2.9.2-4ubuntu4.15.04.1UNKNOWN
ubuntu15.04noarchntfs-3g< 1:2014.2.15AR.3-1ubuntu0.2UNKNOWN

CVSS2

3.6

Attack Vector

LOCAL

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:L/AC:L/Au:N/C:N/I:P/A:P

EPSS

0

Percentile

0.4%