CVE-2015-3202
Publication date 21 May 2015
Last updated 24 July 2024
Ubuntu priority
Description
fusermount in FUSE before 2.9.3-15 does not properly clear the environment before invoking (1) mount or (2) umount as root, which allows local users to write to arbitrary files via a crafted LIBMOUNT_MTAB environment variable that is used by mount's debugging feature.
Status
| Package | Ubuntu Release | Status | 
|---|---|---|
| fuse | ||
| 14.04 LTS trusty | 
                                Fixed 2.9.2-4ubuntu4.14.04.1 
                                
                               | |
| ntfs-3g | ||
| 14.04 LTS trusty | 
                                Not affected 
                                
                               | |
Notes
mdeslaur
ntfs-3g in vivid+ is built with an embedded fuse library instead of the system one original ntfs-3g patch was incomplete
References
Related Ubuntu Security Notices (USN)
- USN-2617-1
- FUSE vulnerability
- 21 May 2015
- USN-2617-2
- NTFS-3G vulnerability
- 22 May 2015
- USN-2617-3
- NTFS-3G vulnerability
- 27 May 2015