CVE-2015-3202
Description
fusermount in FUSE before 2.9.3-15 does not properly clear the environment before invoking (1) mount or (2) umount as root, which allows local users to write to arbitrary files via a crafted LIBMOUNT_MTAB environment variable that is used by mount's debugging feature.
Risk Information
Base Score
9.8
MODERATE
Vector
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
EPSS Score
Exploitation Probability
0.336
Associated Vulnerability
| Vulnerability | OS Platform |
|---|---|
| Filesystem in Userspace (USN-2617-1) fuse_2.8.6-2ubuntu2.1_i386.deb | Linux |
| Filesystem in Userspace (USN-2617-1) fuse_2.8.6-2ubuntu2.1_amd64.deb | Linux |
| Filesystem in Userspace (USN-2617-1) fuse_2.9.2-4ubuntu4.14.04.1_i386.deb | Linux |
| Filesystem in Userspace (USN-2617-1) fuse_2.9.2-4ubuntu4.14.04.1_amd64.deb | Linux |
| Filesystem in Userspace (USN-2617-1) fuse_2.9.2-4ubuntu4.15.04.1_i386.deb | Linux |
| Filesystem in Userspace (USN-2617-1) fuse_2.9.2-4ubuntu4.15.04.1_amd64.deb | Linux |
| read/write NTFS driver for FUSE (USN-2617-2) ntfs-3g_2014.2.15AR.3-1_i386.deb | Linux |
| read/write NTFS driver for FUSE (USN-2617-2) ntfs-3g_2014.2.15AR.3-1_amd64.deb | Linux |
| read/write NTFS driver for FUSE (USN-2617-2) ntfs-3g_2014.2.15AR.3-1ubuntu0.2_i386.deb | Linux |
| read/write NTFS driver for FUSE (USN-2617-2) ntfs-3g_2014.2.15AR.3-1ubuntu0.2_amd64.deb | Linux |
| Fuse 2.9.2-4ubuntu4.14.04.1 for Ubuntu 14.04 LTS (x64) fuse_2.9.2-4ubuntu4.14.04.1_amd64.deb | Linux |
| Fuse 2.9.2-4ubuntu4.14.04.1 for Ubuntu 14.04 LTS fuse_2.9.2-4ubuntu4.14.04.1_i386.deb | Linux |
| fuse security update(DSA-3266-1) fuse_2.9.0-2+deb7u2_i386.deb | Linux |
| fuse security update(DSA-3266-1) fuse_2.9.0-2+deb7u2_amd64.deb | Linux |
| ntfs-3g security update(DSA-3268-2) ntfs-3g_2016.2.22AR.1-3_i386.deb | Linux |
| ntfs-3g security update(DSA-3268-2) ntfs-3g_2016.2.22AR.1-3_amd64.deb | Linux |
| fuse security update(DSA-3451-1) fuse_2.9.3-15+deb8u2_i386.deb | Linux |
| fuse security update(DSA-3451-1) fuse_2.9.3-15+deb8u2_amd64.deb | Linux |
| ntfs-3g security update(DSA-3780-1) ntfs-3g_2016.2.22AR.1-3_i386.deb | Linux |
| ntfs-3g security update(DSA-3780-1) ntfs-3g_2016.2.22AR.1-3_amd64.deb | Linux |
| Fuse 2.9.0-2+deb7u2 for Debian GNU/Linux 7 (wheezy) fuse_2.9.0-2+deb7u2_i386.deb | Linux |
| Fuse 2.9.3-15+deb8u2 for Debian GNU/Linux 8 (jessie) (x64) fuse_2.9.3-15+deb8u2_amd64.deb | Linux |
| SUSE-SU-2015:1024-1(SUSE Linux Enterprise Desktop 11 SP3 ) fuse-2.8.7-0.11.1.x86_64.rpm | Linux |
| SUSE-SU-2015:1024-1(SUSE Linux Enterprise Desktop 11 SP3 ) libfuse2-2.8.7-0.11.1.x86_64.rpm | Linux |
| SUSE-SU-2015:1053-1(SUSE Linux Enterprise Desktop 12 ) fuse-2.9.3-5.1.x86_64.rpm | Linux |
| SUSE-SU-2015:1053-1(SUSE Linux Enterprise Desktop 12 ) fuse-debuginfo-2.9.3-5.1.x86_64.rpm | Linux |
| SUSE-SU-2015:1053-1(SUSE Linux Enterprise Desktop 12 ) fuse-debugsource-2.9.3-5.1.x86_64.rpm | Linux |
| SUSE-SU-2015:1053-1(SUSE Linux Enterprise Desktop 12 ) libfuse2-2.9.3-5.1.x86_64.rpm | Linux |
| SUSE-SU-2015:1053-1(SUSE Linux Enterprise Desktop 12 ) libfuse2-debuginfo-2.9.3-5.1.x86_64.rpm | Linux |
Patch Details
No records found
References
https://nvd.nist.gov/vuln/detail/CVE-2023-1234
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-1234