Vulnerability identifier: #VU40704
Vulnerability risk: Medium
CVSSv4.0: 2 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:N/VI:L/VA:L/SC:N/SI:N/SA:N/E:P/U:Green]
CVE-ID:
CWE-ID: CWE-264
Exploitation vector: Network
Exploit availability: Yes
Vulnerable software: Debian Linux
Vendor: Debian
Description
The vulnerability allows a remote non-authenticated attacker to manipulate or delete data.
fusermount in FUSE before 2.9.3-15 does not properly clear the environment before invoking (1) mount or (2) umount as root, which allows local users to write to arbitrary files via a crafted LIBMOUNT_MTAB environment variable that is used by mount's debugging feature.
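A setuid helper avoids this class of bug by building the child's environment itself instead of inheriting the caller's. The C code below is an added example, not FUSE's patch and not code from this advisory; the allow-list, the fixed PATH value and the function names are assumptions made for illustration.

```c
#include <stdio.h>
#include <string.h>

/* Assumed allow-list for this example; every other variable is dropped,
 * which includes LIBMOUNT_MTAB and anything else a child might honour. */
static const char *const ALLOWED[] = { "LANG", "TZ", NULL };

/* Keep an entry only if its name is allow-listed and its value has no '/',
 * so it cannot name a file the privileged child would open or write. */
static int keep(const char *entry)
{
    const char *eq = strchr(entry, '=');
    if (eq == NULL || strchr(eq + 1, '/') != NULL)
        return 0;
    size_t len = (size_t)(eq - entry);
    for (int i = 0; ALLOWED[i] != NULL; i++)
        if (strlen(ALLOWED[i]) == len && strncmp(entry, ALLOWED[i], len) == 0)
            return 1;
    return 0;
}

/* Build the child's environment: a fixed PATH plus the surviving entries.
 * Returns the entry count, or -1 if `out` (capacity `cap`) is too small. */
int build_clean_env(char *const in[], const char *out[], size_t cap)
{
    size_t n = 1;
    if (cap < 2)
        return -1;
    out[0] = "PATH=/usr/sbin:/usr/bin:/sbin:/bin";
    for (size_t i = 0; in[i] != NULL; i++) {
        if (!keep(in[i]))
            continue;
        if (n + 1 >= cap)   /* leave room for the terminating NULL */
            return -1;
        out[n++] = in[i];
    }
    out[n] = NULL;
    return (int)n;
}

int main(void)
{
    /* Constructed caller environment, standing in for `environ`. */
    char *in[] = { "LIBMOUNT_MTAB=/tmp/constructed", "LANG=C", NULL };
    const char *out[8];
    int n = build_clean_env(in, out, 8);
    for (int i = 0; i < n; i++)
        puts(out[i]);   /* a real helper passes `out` as envp to execve() */
    return 0;
}
```

An allow-list is used rather than a deny-list because the helper cannot know every variable that mount, umount or their libraries consult.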
Mitigation
Install update from vendor's website.
Vulnerable software versions
Debian Linux: 8.0
External links
https://lists.fedoraproject.org/pipermail/package-announce/2015-June/159298.html
https://lists.fedoraproject.org/pipermail/package-announce/2015-June/159543.html
https://lists.fedoraproject.org/pipermail/package-announce/2015-June/159683.html
https://lists.fedoraproject.org/pipermail/package-announce/2015-June/159831.html
https://lists.fedoraproject.org/pipermail/package-announce/2015-June/160094.html
https://lists.fedoraproject.org/pipermail/package-announce/2015-June/160106.html
https://lists.opensuse.org/opensuse-updates/2015-06/msg00005.html
https://lists.opensuse.org/opensuse-updates/2015-06/msg00007.html
https://packetstormsecurity.com/files/132021/Fuse-Local-Privilege-Escalation.html
https://www.debian.org/security/2015/dsa-3266
https://www.debian.org/security/2015/dsa-3268
https://www.openwall.com/lists/oss-security/2015/05/21/9
https://www.securityfocus.com/bid/74765
https://www.securitytracker.com/id/1032386
https://www.ubuntu.com/usn/USN-2617-1
https://www.ubuntu.com/usn/USN-2617-2
https://www.ubuntu.com/usn/USN-2617-3
https://gist.github.com/taviso/ecb70eb12d461dd85cba
https://security.gentoo.org/glsa/201603-04
https://security.gentoo.org/glsa/201701-19
https://twitter.com/taviso/status/601370527437967360
https://www.exploit-db.com/exploits/37089/
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware that exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability. However, a proof of concept for this vulnerability is available.