CVE-2016-1233: Incorrect Permission Assignment in Fuse

Severity: 7.8 HIGH (NVD)
EPSS: 0.1% (top 70.62%)
CISA KEV: Not in KEV
Exploit: No known exploits
Timeline
Published: Jan 26
Latest update: May 17

Description

An unspecified udev rule in the Debian fuse package in jessie before 2.9.3-15+deb8u2, in stretch before 2.9.5-1, and in sid before 2.9.5-1 sets world-writable permissions for the /dev/cuse character device, which allows local users to gain privileges via a character device in /dev, related to an ioctl.

CVSS vector

CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Exploitability: 1.8 | Impact: 5.9

Affected Packages (2 packages)

NVD: debian/fuse 2.9.3-14
Debian: redhat/fuse < 2.9.5-1 +2

🔴 Vulnerability Details (3)

GHSA: GHSA-7682-r2fh-32xp: An unspecified udev rule in the Debian fuse package in jessie before 2 (2022-05-17)
CVEList: CVE-2016-1233: An unspecified udev rule in the Debian fuse package in jessie before 2 (2016-01-26)
OSV: CVE-2016-1233: An unspecified udev rule in the Debian fuse package in jessie before 2 (2016-01-26)

📋 Vendor Advisories (2)

Red Hat: fuse: udev rule creates world-writeable /dev/cuse (2016-01-20)
Debian: CVE-2016-1233: fuse - An unspecified udev rule in the Debian fuse package in jessie before 2.9.3-15+de... (2016)

💬 Community (2)

Bugzilla: CVE-2016-1233 fuse: udev rule creates world-writeable /dev/cuse (2016-01-22)
Bugzilla: CVE-2016-1233 fuse: udev rule creates world-writeable /dev/cuse [fedora-all] (2016-01-22)