Amazon Linux Local Security Checks : Amazon Linux: Security Advisory (ALAS-2015-558)

Búsqueda de Vulnerabilidad		Buscar 324607 Descripciones CVE y 145615 Descripciones de Pruebas, accesos 10,000+ referencias cruzadas.
	Pruebas CVE Todos

ID de Prueba: 1.3.6.1.4.1.25623.1.0.120031

Categoría: Amazon Linux Local Security Checks

Título: Amazon Linux: Security Advisory (ALAS-2015-558)

Resumen: The remote host is missing an update for the 'fuse' package(s) announced via the ALAS-2015-558 advisory.

Descripción: Summary:
The remote host is missing an update for the 'fuse' package(s) announced via the ALAS-2015-558 advisory.

Vulnerability Insight:
It was discovered that fusermount failed to properly sanitize its environment before executing mount and umount commands. A local user could possibly use this flaw to escalate their privileges on the system.

Affected Software/OS:
'fuse' package(s) on Amazon Linux.

Solution:
Please install the updated package(s).

CVSS Score:
3.6

CVSS Vector:
AV:L/AC:L/Au:N/C:N/I:P/A:P

Referencia Cruzada: Common Vulnerability Exposure (CVE) ID: CVE-2015-3202
1032386
http://www.securitytracker.com/id/1032386
37089
https://www.exploit-db.com/exploits/37089/
74765
http://www.securityfocus.com/bid/74765
DSA-3266
http://www.debian.org/security/2015/dsa-3266
DSA-3268
http://www.debian.org/security/2015/dsa-3268
FEDORA-2015-8751
http://lists.fedoraproject.org/pipermail/package-announce/2015-June/159831.html
FEDORA-2015-8756
http://lists.fedoraproject.org/pipermail/package-announce/2015-June/159683.html
FEDORA-2015-8771
http://lists.fedoraproject.org/pipermail/package-announce/2015-June/159543.html
FEDORA-2015-8773
http://lists.fedoraproject.org/pipermail/package-announce/2015-June/159298.html
FEDORA-2015-8777
http://lists.fedoraproject.org/pipermail/package-announce/2015-June/160106.html
FEDORA-2015-8782
http://lists.fedoraproject.org/pipermail/package-announce/2015-June/160094.html
GLSA-201603-04
https://security.gentoo.org/glsa/201603-04
GLSA-201701-19
https://security.gentoo.org/glsa/201701-19
USN-2617-1
http://www.ubuntu.com/usn/USN-2617-1
USN-2617-2
http://www.ubuntu.com/usn/USN-2617-2
USN-2617-3
http://www.ubuntu.com/usn/USN-2617-3
[oss-security] 20150521 CVE-2015-3202 fuse privilege escalation
http://www.openwall.com/lists/oss-security/2015/05/21/9
http://packetstormsecurity.com/files/132021/Fuse-Local-Privilege-Escalation.html
https://gist.github.com/taviso/ecb70eb12d461dd85cba
https://twitter.com/taviso/status/601370527437967360
openSUSE-SU-2015:0997
http://lists.opensuse.org/opensuse-updates/2015-06/msg00005.html
openSUSE-SU-2015:1003
http://lists.opensuse.org/opensuse-updates/2015-06/msg00007.html

Copyright Copyright (C) 2015 Greenbone AG

Esta es sólo una de 145615 pruebas de vulnerabilidad en nuestra serie de pruebas. Encuentre más sobre cómo ejecutar una auditoría de seguridad completa.
Para ejecutar una prueba gratuita de esta vulnerabilidad contra su sistema, regístrese ahora.

ID de Prueba:	1.3.6.1.4.1.25623.1.0.120031
Categoría:	Amazon Linux Local Security Checks
Título:	Amazon Linux: Security Advisory (ALAS-2015-558)
Resumen:	The remote host is missing an update for the 'fuse' package(s) announced via the ALAS-2015-558 advisory.
Descripción:	Summary: The remote host is missing an update for the 'fuse' package(s) announced via the ALAS-2015-558 advisory. Vulnerability Insight: It was discovered that fusermount failed to properly sanitize its environment before executing mount and umount commands. A local user could possibly use this flaw to escalate their privileges on the system. Affected Software/OS: 'fuse' package(s) on Amazon Linux. Solution: Please install the updated package(s). CVSS Score: 3.6 CVSS Vector: AV:L/AC:L/Au:N/C:N/I:P/A:P
Referencia Cruzada:	Common Vulnerability Exposure (CVE) ID: CVE-2015-3202 1032386 http://www.securitytracker.com/id/1032386 37089 https://www.exploit-db.com/exploits/37089/ 74765 http://www.securityfocus.com/bid/74765 DSA-3266 http://www.debian.org/security/2015/dsa-3266 DSA-3268 http://www.debian.org/security/2015/dsa-3268 FEDORA-2015-8751 http://lists.fedoraproject.org/pipermail/package-announce/2015-June/159831.html FEDORA-2015-8756 http://lists.fedoraproject.org/pipermail/package-announce/2015-June/159683.html FEDORA-2015-8771 http://lists.fedoraproject.org/pipermail/package-announce/2015-June/159543.html FEDORA-2015-8773 http://lists.fedoraproject.org/pipermail/package-announce/2015-June/159298.html FEDORA-2015-8777 http://lists.fedoraproject.org/pipermail/package-announce/2015-June/160106.html FEDORA-2015-8782 http://lists.fedoraproject.org/pipermail/package-announce/2015-June/160094.html GLSA-201603-04 https://security.gentoo.org/glsa/201603-04 GLSA-201701-19 https://security.gentoo.org/glsa/201701-19 USN-2617-1 http://www.ubuntu.com/usn/USN-2617-1 USN-2617-2 http://www.ubuntu.com/usn/USN-2617-2 USN-2617-3 http://www.ubuntu.com/usn/USN-2617-3 [oss-security] 20150521 CVE-2015-3202 fuse privilege escalation http://www.openwall.com/lists/oss-security/2015/05/21/9 http://packetstormsecurity.com/files/132021/Fuse-Local-Privilege-Escalation.html https://gist.github.com/taviso/ecb70eb12d461dd85cba https://twitter.com/taviso/status/601370527437967360 openSUSE-SU-2015:0997 http://lists.opensuse.org/opensuse-updates/2015-06/msg00005.html openSUSE-SU-2015:1003 http://lists.opensuse.org/opensuse-updates/2015-06/msg00007.html
Copyright	Copyright (C) 2015 Greenbone AG