CVE-2016-1233

An unspecified udev rule in the Debian fuse package in jessie before 2.9.3-15+deb8u2, in stretch before 2.9.5-1, and in sid before 2.9.5-1 sets world-writable permissions for the /dev/cuse character device, which allows local users to gain privileges via a character device in /dev, related to an ioctl.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTNIST
7.8 HIGH
LOCAL
LOW
LOW
CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
debianCNA
---
---
CVEADP
---
---
Base Score
CVSS 3.x
EPSS Score
Percentile: 8%
VendorProductVersion
debianfuse
𝑥
≤ 2.9.3-14
𝑥
= Vulnerable software versions
Debian logo
Debian Releases
Debian Product
Codename
fuse
bullseye
2.9.9-5
fixed
wheezy
not-affected
squeeze
not-affected
bookworm
2.9.9-6
fixed
sid
2.9.9-9
fixed
trixie
2.9.9-9
fixed
Ubuntu logo
Ubuntu Releases
Ubuntu Product
Codename
fuse
wily
not-affected
vivid
not-affected
trusty
not-affected
precise
not-affected
Common Weakness Enumeration
References
http://www.debian.org/security/2016/dsa-3451
http://www.debian.org/security/2016/dsa-3451