Wind River Support Network

Fixed

LIN6-9933 : Security Advisory - fuse - CVE-2015-3202

Created: May 27, 2015    Updated: Dec 3, 2018
Resolved Date: May 28, 2015
Previous ID: LIN4-32654
Found In Version: 6.0.0.18
Severity: Severe
Applicable for: Wind River Linux 6
Component/s: Userspace

Description

A vulnerability has been discovered in the FUSE subsystem on Linux. It allows a malicious user with an unprivileged account on a vulnerable system to take full control of that system.

Technical context:
FUSE (Filesystem in Userspace) is an optional subsystem of the Linux kernel that allows new filesystems to be handled without modifying the kernel sources. Because it runs in userspace, unprivileged users can use FUSE directly to mount filesystems.

Technical information:
FUSE incorrectly filtered environment variables before executing mount or umount with elevated privileges. This allows a local attacker to gain administrative privileges.

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-3202
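
The defensive pattern for the flaw described above, as an added example that is not Wind River's or the FUSE project's code: a helper passes a fixed environment to `execve` instead of the caller's. The variable name `DEMO_HELPER_CONFIG`, the contents of `CLEAN_ENV` and both function names are constructed for illustration.

```c
#define _POSIX_C_SOURCE 200809L
#include <stdio.h>
#include <stdlib.h>
#include <sys/types.h>
#include <sys/wait.h>
#include <unistd.h>

extern char **environ;

/* Fixed environment for the child; nothing is taken from the caller (values assumed). */
static char *const CLEAN_ENV[] = { "PATH=/usr/sbin:/usr/bin:/sbin:/bin", "LANG=C", NULL };

/* Fork, exec path with the given environment, return its exit status or -1. */
int run_helper(const char *path, char *const argv[], char *const envp[])
{
    int status;
    pid_t pid = fork();

    if (pid < 0)
        return -1;
    if (pid == 0) {
        execve(path, argv, envp);   /* envp is explicit: no implicit inheritance */
        _exit(127);                 /* exec failed */
    }
    if (waitpid(pid, &status, 0) < 0 || !WIFEXITED(status))
        return -1;
    return WEXITSTATUS(status);
}

/* Constructed demo: set a caller-controlled variable, then ask a child shell
 * whether it can see it. Returns 1 if visible, 0 if not, -1 on error. */
int child_sees_caller_var(int use_clean_env)
{
    char *const argv[] = { "sh", "-c", "[ -n \"${DEMO_HELPER_CONFIG+set}\" ]", NULL };
    int rc;

    if (setenv("DEMO_HELPER_CONFIG", "/tmp/caller-chosen", 1) != 0)
        return -1;
    rc = run_helper("/bin/sh", argv, use_clean_env ? CLEAN_ENV : environ);
    return rc == 0 ? 1 : rc == 1 ? 0 : -1;
}

int main(void)
{
    printf("inherited environment: child sees variable = %d\n", child_sees_caller_var(0));
    printf("fixed environment:     child sees variable = %d\n", child_sees_caller_var(1));
    return 0;
}
```

Passing a fixed environment avoids having to enumerate every variable the executed program or its libraries might honour, which is where filter-based approaches tend to miss cases.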

Steps to Reproduce

The link below has the steps to reproduce the problem:

https://marc.info/?l=oss-security&m=143222736930704&w=2
