Ubuntu Local Security Checks : Ubuntu Update for fuse USN-2617-1

Búsqueda de Vulnerabilidad		Buscar 219043 Descripciones CVE y 99761 Descripciones de Pruebas, accesos 10,000+ referencias cruzadas.
	Pruebas CVE Todos

ID de Prueba: 1.3.6.1.4.1.25623.1.0.842210

Categoría: Ubuntu Local Security Checks

Título: Ubuntu Update for fuse USN-2617-1

Resumen: The remote host is missing an update for the 'fuse'; package(s) announced via the referenced advisory.

Descripción: Summary:
The remote host is missing an update for the 'fuse'
package(s) announced via the referenced advisory.

Vulnerability Insight:
Tavis Ormandy discovered that FUSE
incorrectly filtered environment variables. A local attacker could use this
issue to gain administrative privileges.

Affected Software/OS:
fuse on Ubuntu 14.10,
Ubuntu 14.04 LTS,
Ubuntu 12.04 LTS

Solution:
Please Install the Updated Packages.

CVSS Score:
3.6

CVSS Vector:
AV:L/AC:L/Au:N/C:N/I:P/A:P

Referencia Cruzada: Common Vulnerability Exposure (CVE) ID: CVE-2015-3202
BugTraq ID: 74765
http://www.securityfocus.com/bid/74765
Debian Security Information: DSA-3266 (Google Search)
http://www.debian.org/security/2015/dsa-3266
Debian Security Information: DSA-3268 (Google Search)
http://www.debian.org/security/2015/dsa-3268
https://www.exploit-db.com/exploits/37089/
http://lists.fedoraproject.org/pipermail/package-announce/2015-June/159831.html
http://lists.fedoraproject.org/pipermail/package-announce/2015-June/159683.html
http://lists.fedoraproject.org/pipermail/package-announce/2015-June/159543.html
http://lists.fedoraproject.org/pipermail/package-announce/2015-June/159298.html
http://lists.fedoraproject.org/pipermail/package-announce/2015-June/160106.html
http://lists.fedoraproject.org/pipermail/package-announce/2015-June/160094.html
https://security.gentoo.org/glsa/201603-04
https://security.gentoo.org/glsa/201701-19
http://packetstormsecurity.com/files/132021/Fuse-Local-Privilege-Escalation.html
https://gist.github.com/taviso/ecb70eb12d461dd85cba
https://twitter.com/taviso/status/601370527437967360
http://www.openwall.com/lists/oss-security/2015/05/21/9
http://www.securitytracker.com/id/1032386
SuSE Security Announcement: openSUSE-SU-2015:0997 (Google Search)
http://lists.opensuse.org/opensuse-updates/2015-06/msg00005.html
SuSE Security Announcement: openSUSE-SU-2015:1003 (Google Search)
http://lists.opensuse.org/opensuse-updates/2015-06/msg00007.html
http://www.ubuntu.com/usn/USN-2617-1
http://www.ubuntu.com/usn/USN-2617-2
http://www.ubuntu.com/usn/USN-2617-3

Copyright Copyright (C) 2015 Greenbone Networks GmbH

Esta es sólo una de 99761 pruebas de vulnerabilidad en nuestra serie de pruebas. Encuentre más sobre cómo ejecutar una auditoría de seguridad completa.
Para ejecutar una prueba gratuita de esta vulnerabilidad contra su sistema, regístrese ahora.

ID de Prueba:	1.3.6.1.4.1.25623.1.0.842210
Categoría:	Ubuntu Local Security Checks
Título:	Ubuntu Update for fuse USN-2617-1
Resumen:	The remote host is missing an update for the 'fuse'; package(s) announced via the referenced advisory.
Descripción:	Summary: The remote host is missing an update for the 'fuse' package(s) announced via the referenced advisory. Vulnerability Insight: Tavis Ormandy discovered that FUSE incorrectly filtered environment variables. A local attacker could use this issue to gain administrative privileges. Affected Software/OS: fuse on Ubuntu 14.10, Ubuntu 14.04 LTS, Ubuntu 12.04 LTS Solution: Please Install the Updated Packages. CVSS Score: 3.6 CVSS Vector: AV:L/AC:L/Au:N/C:N/I:P/A:P
Referencia Cruzada:	Common Vulnerability Exposure (CVE) ID: CVE-2015-3202 BugTraq ID: 74765 http://www.securityfocus.com/bid/74765 Debian Security Information: DSA-3266 (Google Search) http://www.debian.org/security/2015/dsa-3266 Debian Security Information: DSA-3268 (Google Search) http://www.debian.org/security/2015/dsa-3268 https://www.exploit-db.com/exploits/37089/ http://lists.fedoraproject.org/pipermail/package-announce/2015-June/159831.html http://lists.fedoraproject.org/pipermail/package-announce/2015-June/159683.html http://lists.fedoraproject.org/pipermail/package-announce/2015-June/159543.html http://lists.fedoraproject.org/pipermail/package-announce/2015-June/159298.html http://lists.fedoraproject.org/pipermail/package-announce/2015-June/160106.html http://lists.fedoraproject.org/pipermail/package-announce/2015-June/160094.html https://security.gentoo.org/glsa/201603-04 https://security.gentoo.org/glsa/201701-19 http://packetstormsecurity.com/files/132021/Fuse-Local-Privilege-Escalation.html https://gist.github.com/taviso/ecb70eb12d461dd85cba https://twitter.com/taviso/status/601370527437967360 http://www.openwall.com/lists/oss-security/2015/05/21/9 http://www.securitytracker.com/id/1032386 SuSE Security Announcement: openSUSE-SU-2015:0997 (Google Search) http://lists.opensuse.org/opensuse-updates/2015-06/msg00005.html SuSE Security Announcement: openSUSE-SU-2015:1003 (Google Search) http://lists.opensuse.org/opensuse-updates/2015-06/msg00007.html http://www.ubuntu.com/usn/USN-2617-1 http://www.ubuntu.com/usn/USN-2617-2 http://www.ubuntu.com/usn/USN-2617-3
Copyright	Copyright (C) 2015 Greenbone Networks GmbH