Your submission was sent successfully! Close

You have successfully unsubscribed! Close

Thank you for signing up for our newsletter!
In these regular emails you will find the latest updates about Ubuntu and upcoming events where you can meet our team.Close

CVE-2016-1233

Published: 26 January 2016

An unspecified udev rule in the Debian fuse package in jessie before 2.9.3-15+deb8u2, in stretch before 2.9.5-1, and in sid before 2.9.5-1 sets world-writable permissions for the /dev/cuse character device, which allows local users to gain privileges via a character device in /dev, related to an ioctl.

Notes

AuthorNote
mdeslaur
Ubuntu doesn't ship the fuse udev rule file, so not affected

Priority

Medium

CVSS 3 base score: 7.8

Status

Package Release Status
fuse
Launchpad, Ubuntu, Debian
upstream Needs triage

precise Not vulnerable

trusty Not vulnerable

vivid Not vulnerable

wily Not vulnerable