CVE-2015-3202

See a problem?
Please try reporting it to the source first.
Source
https://nvd.nist.gov/vuln/detail/CVE-2015-3202
Import Source
https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2015-3202.json
JSON Data
https://api.osv.dev/v1/vulns/CVE-2015-3202
Related
Published
2015-07-02T21:59:03Z
Modified
2024-09-18T01:00:21Z
Summary
[none]
Details

fusermount in FUSE before 2.9.3-15 does not properly clear the environment before invoking (1) mount or (2) umount as root, which allows local users to write to arbitrary files via a crafted LIBMOUNT_MTAB environment variable that is used by mount's debugging feature.

References

Affected packages

Debian:11 / fuse

Package

Name
fuse
Purl
pkg:deb/debian/fuse?arch=source

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
2.9.3-16

Ecosystem specific 

{
    "urgency": "not yet assigned"
}

Debian:12 / fuse

Package

Name
fuse
Purl
pkg:deb/debian/fuse?arch=source

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
2.9.3-16

Ecosystem specific 

{
    "urgency": "not yet assigned"
}

Debian:13 / fuse

Package

Name
fuse
Purl
pkg:deb/debian/fuse?arch=source

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
2.9.3-16

Ecosystem specific 

{
    "urgency": "not yet assigned"
}

Debian:11 / ntfs-3g

Package

Name
ntfs-3g
Purl
pkg:deb/debian/ntfs-3g?arch=source

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
1:2014.2.15AR.3-3

Ecosystem specific 

{
    "urgency": "not yet assigned"
}

Debian:12 / ntfs-3g

Package

Name
ntfs-3g
Purl
pkg:deb/debian/ntfs-3g?arch=source

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
1:2014.2.15AR.3-3

Ecosystem specific 

{
    "urgency": "not yet assigned"
}

Debian:13 / ntfs-3g

Package

Name
ntfs-3g
Purl
pkg:deb/debian/ntfs-3g?arch=source

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
1:2014.2.15AR.3-3

Ecosystem specific 

{
    "urgency": "not yet assigned"
}