fusermount in FUSE before 2.9.3-15 does not properly clear the environment before invoking (1) mount or (2) umount as root, which allows local users to write to arbitrary files via a crafted LIBMOUNT_MTAB environment variable that is used by mount's debugging feature.
References
Configurations
History
No history.
Information
Published : 2015-07-02 21:59
Updated : 2024-02-04 18:53
NVD link : CVE-2015-3202
Mitre link : CVE-2015-3202
CVE.ORG link : CVE-2015-3202
JSON object : View
Products Affected
fuse_project
- fuse
debian
- debian_linux
CWE
CWE-264
Permissions, Privileges, and Access Controls