CVE-2015-3202 ntfs-3g

Metadata

low
3.6
ntfs-3g
CVE-2015-3202
2017-06-18 07:04
ALAS-2015-558
CVE-2015-3202 fuse
CVE-2015-3202
2017-06-16 19:14
2017-04-01 19:11
2017-01-05 20:16

Description

fusermount in FUSE before 2.9.3-15 does not properly clear the environment before invoking (1) mount or (2) umount as root, which allows local users to write to arbitrary files via a crafted LIBMOUNT_MTAB environment variable that is used by mount's debugging feature.

Am I vulnerable?

The constraints below list the versions that this vulnerability is patched in, and versions that are unaffected. If a patch is ready but unrealeased, then it is pending.

Or, you can just let us figure it out for you! Appcanary continously monitor your installed packages, and tell you if any of them are vulnerable.

Sign up for monitoring

Affected package information

Release Package Patched in
buster ntfs-3g 1:2014.2.15AR.3-3
jessie ntfs-3g 1:2014.2.15AR.2-1+deb8u2
sid ntfs-3g 1:2014.2.15AR.3-3
stretch ntfs-3g 1:2014.2.15AR.3-3
wheezy ntfs-3g 1:2012.1.15AR.5-2.1+deb7u2