ID:3875 - Exploit for Permissions, Privileges, and Access Controls in Debian Linux - CVE-2015-3202

CSH
CYBERSECURITY HELP
Sign In REGISTER
 
Main Vulnerability Database Exploits ID:3875 - Exploit for Permissions, Privileges, and Access Controls in Debian Linux - CVE-2015-3202

ID:3875 - Exploit for Permissions, Privileges, and Access Controls in Debian Linux - CVE-2015-3202

Published: August 9, 2020


Vulnerability identifier: #VU40704
Vulnerability risk: Medium
CVE-ID: CVE-2015-3202
CWE-ID: CWE-264
Exploitation vector: Remote access
Vulnerable software:
Debian Linux

Link to public exploit:


Vulnerability description

The vulnerability allows a remote non-authenticated attacker to manipulate or delete data.

fusermount in FUSE before 2.9.3-15 does not properly clear the environment before invoking (1) mount or (2) umount as root, which allows local users to write to arbitrary files via a crafted LIBMOUNT_MTAB environment variable that is used by mount's debugging feature.


Remediation

Install update from vendor's website.