CVE-2015-3202

EPSS 0.34%

ntfs-3g - security update

發布日:2015/7/2修改日:2026/4/28

描述

fusermount in FUSE before 2.9.3-15 does not properly clear the environment before invoking (1) mount or (2) umount as root, which allows local users to write to arbitrary files via a crafted LIBMOUNT_MTAB environment variable that is used by mount's debugging feature.

受影響套件(8)

Debian/fusefrom 0, < 2.9.3-16
Debian/fusefrom 0, < 2.8.4-1.1+deb6u1
Debian/fusefrom 0, < 2.9.0-2+deb7u2
Debian/ntfs-3gfrom 0, < 1:2014.2.15AR.3-3
Debian/ntfs-3gfrom 0, < 1:2010.3.6-1+deb6u1
Debian/ntfs-3gfrom 0, < 1:2010.3.6-1+deb6u2
Debian/ntfs-3gfrom 0, < 1:2012.1.15AR.5-2.1+deb7u1
Debian/ntfs-3gfrom 0, < 1:2012.1.15AR.5-2.1+deb7u2

參考連結(1)

ADVISORYhttps://security-tracker.debian.org/tracker/CVE-2015-3202