Unrated severityNVD Advisory· Published Jul 2, 2015· Updated May 6, 2026
CVE-2015-3202
CVE-2015-3202
Description
fusermount in FUSE before 2.9.3-15 does not properly clear the environment before invoking (1) mount or (2) umount as root, which allows local users to write to arbitrary files via a crafted LIBMOUNT_MTAB environment variable that is used by mount's debugging feature.
Affected products
2- cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*
Patches
0No patches discovered yet.
Vulnerability mechanics
AI mechanics synthesis has not run for this CVE yet.
References
22- www.openwall.com/lists/oss-security/2015/05/21/9nvdExploit
- gist.github.com/taviso/ecb70eb12d461dd85cbanvdExploit
- lists.fedoraproject.org/pipermail/package-announce/2015-June/159298.htmlnvd
- lists.fedoraproject.org/pipermail/package-announce/2015-June/159543.htmlnvd
- lists.fedoraproject.org/pipermail/package-announce/2015-June/159683.htmlnvd
- lists.fedoraproject.org/pipermail/package-announce/2015-June/159831.htmlnvd
- lists.fedoraproject.org/pipermail/package-announce/2015-June/160094.htmlnvd
- lists.fedoraproject.org/pipermail/package-announce/2015-June/160106.htmlnvd
- lists.opensuse.org/opensuse-updates/2015-06/msg00005.htmlnvd
- lists.opensuse.org/opensuse-updates/2015-06/msg00007.htmlnvd
- packetstormsecurity.com/files/132021/Fuse-Local-Privilege-Escalation.htmlnvd
- www.debian.org/security/2015/dsa-3266nvd
- www.debian.org/security/2015/dsa-3268nvd
- www.securityfocus.com/bid/74765nvd
- www.securitytracker.com/id/1032386nvd
- www.ubuntu.com/usn/USN-2617-1nvd
- www.ubuntu.com/usn/USN-2617-2nvd
- www.ubuntu.com/usn/USN-2617-3nvd
- security.gentoo.org/glsa/201603-04nvd
- security.gentoo.org/glsa/201701-19nvd
- twitter.com/taviso/status/601370527437967360nvd
- www.exploit-db.com/exploits/37089/nvd
News mentions
0No linked articles in our index yet.