fuse: fix for CVE-2015-3202 Privilege Escalation (96a4d9ad) · Commits · poplar / meta-openembedded

Commit 96a4d9ad authored Jul 16, 2015 by

Tudor Florea Committed by Martin Jansa Jul 30, 2015

fuse: fix for CVE-2015-3202 Privilege Escalation

fusermount in FUSE before 2.9.3-15 does not properly clear the environment before
invoking (1) mount or (2) umount as root, which allows local users to write
to arbitrary files via a crafted LIBMOUNT_MTAB environment variable that is
used by mount's debugging feature.

References:
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-3202
http://www.openwall.com/lists/oss-security/2015/05/21/9



Signed-off-by: Tudor Florea <tudor.florea@enea.com>
Signed-off-by: Martin Jansa <Martin.Jansa@gmail.com>

parent 81d8056d

Hide whitespace changes

Inline Side-by-side

Please register or to comment

Admin message

fuse: fix for CVE-2015-3202 Privilege Escalation