A vulnerability has been discovered in the FUSE subsystem on Linux. It allows a malicious person having an unprivileged account on a vulnerable system to take the full control of this system. Technical context : FUSE (Filesystem in Userspace) is an optional subsystem of the Linux kernel that allows handling new filesystems without the need to modify the kernel sources. As it is executed in userspace, unprivileged user can directly use FUSE to mount filesystems. Technical information : FUSE incorrectly filtered environment variables before executing mount or umount with elevated privileges. This allows a local attacker to gain administrative privileges. http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-3202
The link below has the steps to reproduce the problem: https://marc.info/?l=oss-security&m=143222736930704&w=2
