Mageia Linux Local Security Checks : Mageia: Security Advisory (MGASA-2015-0239)

Búsqueda de Vulnerabilidad		Buscar 324607 Descripciones CVE y 145615 Descripciones de Pruebas, accesos 10,000+ referencias cruzadas.
	Pruebas CVE Todos

ID de Prueba: 1.3.6.1.4.1.25623.1.1.10.2015.0239

Categoría: Mageia Linux Local Security Checks

Título: Mageia: Security Advisory (MGASA-2015-0239)

Resumen: The remote host is missing an update for the 'fuse' package(s) announced via the MGASA-2015-0239 advisory.

Descripción: Summary:
The remote host is missing an update for the 'fuse' package(s) announced via the MGASA-2015-0239 advisory.

Vulnerability Insight:
Updated fuse packages fix security vulnerability:

Tavis Ormandy discovered that FUSE incorrectly filtered environment variables.
A local attacker could use this issue to gain administrative privileges
(CVE-2015-3202).

Affected Software/OS:
'fuse' package(s) on Mageia 4.

Solution:
Please install the updated package(s).

CVSS Score:
3.6

CVSS Vector:
AV:L/AC:L/Au:N/C:N/I:P/A:P

Referencia Cruzada: Common Vulnerability Exposure (CVE) ID: CVE-2015-3202
1032386
http://www.securitytracker.com/id/1032386
37089
https://www.exploit-db.com/exploits/37089/
74765
http://www.securityfocus.com/bid/74765
DSA-3266
http://www.debian.org/security/2015/dsa-3266
DSA-3268
http://www.debian.org/security/2015/dsa-3268
FEDORA-2015-8751
http://lists.fedoraproject.org/pipermail/package-announce/2015-June/159831.html
FEDORA-2015-8756
http://lists.fedoraproject.org/pipermail/package-announce/2015-June/159683.html
FEDORA-2015-8771
http://lists.fedoraproject.org/pipermail/package-announce/2015-June/159543.html
FEDORA-2015-8773
http://lists.fedoraproject.org/pipermail/package-announce/2015-June/159298.html
FEDORA-2015-8777
http://lists.fedoraproject.org/pipermail/package-announce/2015-June/160106.html
FEDORA-2015-8782
http://lists.fedoraproject.org/pipermail/package-announce/2015-June/160094.html
GLSA-201603-04
https://security.gentoo.org/glsa/201603-04
GLSA-201701-19
https://security.gentoo.org/glsa/201701-19
USN-2617-1
http://www.ubuntu.com/usn/USN-2617-1
USN-2617-2
http://www.ubuntu.com/usn/USN-2617-2
USN-2617-3
http://www.ubuntu.com/usn/USN-2617-3
[oss-security] 20150521 CVE-2015-3202 fuse privilege escalation
http://www.openwall.com/lists/oss-security/2015/05/21/9
http://packetstormsecurity.com/files/132021/Fuse-Local-Privilege-Escalation.html
https://gist.github.com/taviso/ecb70eb12d461dd85cba
https://twitter.com/taviso/status/601370527437967360
openSUSE-SU-2015:0997
http://lists.opensuse.org/opensuse-updates/2015-06/msg00005.html
openSUSE-SU-2015:1003
http://lists.opensuse.org/opensuse-updates/2015-06/msg00007.html

Copyright Copyright (C) 2022 Greenbone AG

Esta es sólo una de 145615 pruebas de vulnerabilidad en nuestra serie de pruebas. Encuentre más sobre cómo ejecutar una auditoría de seguridad completa.
Para ejecutar una prueba gratuita de esta vulnerabilidad contra su sistema, regístrese ahora.

ID de Prueba:	1.3.6.1.4.1.25623.1.1.10.2015.0239
Categoría:	Mageia Linux Local Security Checks
Título:	Mageia: Security Advisory (MGASA-2015-0239)
Resumen:	The remote host is missing an update for the 'fuse' package(s) announced via the MGASA-2015-0239 advisory.
Descripción:	Summary: The remote host is missing an update for the 'fuse' package(s) announced via the MGASA-2015-0239 advisory. Vulnerability Insight: Updated fuse packages fix security vulnerability: Tavis Ormandy discovered that FUSE incorrectly filtered environment variables. A local attacker could use this issue to gain administrative privileges (CVE-2015-3202). Affected Software/OS: 'fuse' package(s) on Mageia 4. Solution: Please install the updated package(s). CVSS Score: 3.6 CVSS Vector: AV:L/AC:L/Au:N/C:N/I:P/A:P
Referencia Cruzada:	Common Vulnerability Exposure (CVE) ID: CVE-2015-3202 1032386 http://www.securitytracker.com/id/1032386 37089 https://www.exploit-db.com/exploits/37089/ 74765 http://www.securityfocus.com/bid/74765 DSA-3266 http://www.debian.org/security/2015/dsa-3266 DSA-3268 http://www.debian.org/security/2015/dsa-3268 FEDORA-2015-8751 http://lists.fedoraproject.org/pipermail/package-announce/2015-June/159831.html FEDORA-2015-8756 http://lists.fedoraproject.org/pipermail/package-announce/2015-June/159683.html FEDORA-2015-8771 http://lists.fedoraproject.org/pipermail/package-announce/2015-June/159543.html FEDORA-2015-8773 http://lists.fedoraproject.org/pipermail/package-announce/2015-June/159298.html FEDORA-2015-8777 http://lists.fedoraproject.org/pipermail/package-announce/2015-June/160106.html FEDORA-2015-8782 http://lists.fedoraproject.org/pipermail/package-announce/2015-June/160094.html GLSA-201603-04 https://security.gentoo.org/glsa/201603-04 GLSA-201701-19 https://security.gentoo.org/glsa/201701-19 USN-2617-1 http://www.ubuntu.com/usn/USN-2617-1 USN-2617-2 http://www.ubuntu.com/usn/USN-2617-2 USN-2617-3 http://www.ubuntu.com/usn/USN-2617-3 [oss-security] 20150521 CVE-2015-3202 fuse privilege escalation http://www.openwall.com/lists/oss-security/2015/05/21/9 http://packetstormsecurity.com/files/132021/Fuse-Local-Privilege-Escalation.html https://gist.github.com/taviso/ecb70eb12d461dd85cba https://twitter.com/taviso/status/601370527437967360 openSUSE-SU-2015:0997 http://lists.opensuse.org/opensuse-updates/2015-06/msg00005.html openSUSE-SU-2015:1003 http://lists.opensuse.org/opensuse-updates/2015-06/msg00007.html
Copyright	Copyright (C) 2022 Greenbone AG