Public exploit available
Public proof-of-concept or exploit code exists (ExploitDB / Metasploit / Nuclei).
CVE-2015-3202 — Improper Input Validation in Project Fuse
Severity: 3.6 LOW (NVD)
EPSS: 0.3% (top 43.53%)
CISA KEV: Not in KEV
Exploit: PoC available
Affected products
Timeline
Published: Jul 2
Latest update: May 17
Description
fusermount in FUSE before 2.9.3-15 does not properly clear the environment before invoking (1) mount or (2) umount as root, which allows local users to write to arbitrary files via a crafted LIBMOUNT_MTAB environment variable that is used by mount's debugging feature.
CVSS vector
AV:L/AC:L/C:N/I:P/A:P
Exploitability: 3.9 | Impact: 4.9
Affected Packages: 3 packages
Also affects: Debian Linux 8.0
🔴 Vulnerability Details: 3
💥 Exploits & PoCs: 1
📋 Vendor Advisories: 5
Red Hat
Debian
CVE-2015-3202: fuse - fusermount in FUSE before 2.9.3-15 does not properly clear the environment befor... (2015)
💬 Community: 4
Bugzilla: CVE-2015-3202 ntfs-3g: fuse: incorrect filtering of environment variables leading to privilege escalation [epel-all] (2015-05-22)
Bugzilla: CVE-2015-3202 ntfs-3g: fuse: incorrect filtering of environment variables leading to privilege escalation [fedora-all] (2015-05-22)
Bugzilla: CVE-2015-3202 fuse: incorrect filtering of environment variables leading to privilege escalation [fedora-all] (2015-05-22)
Bugzilla: CVE-2015-3202 fuse: incorrect filtering of environment variables leading to privilege escalation (2015-05-22)