DSA-3266 fuse - security update
|
System information
|
|
|
Affected software |
Debian |
Description
|
Tavis Ormandy discovered that FUSE, a Filesystem in USErspace, does notscrub the environment before executing mount or umount with elevatedprivileges. A local user can take advantage of this flaw to overwritearbitrary files and gain elevated privileges by accessing debuggingfeatures via the environment that would not normally be safe forunprivileged users.
More info:
https://www.debian.org/security/2015/dsa-3266 |
Standar resources
|
Property |
Value |
CVE |
CVE-2015-3202 and DSA-3266. |