Skip to main content

Fuse CVE-2016-1233

HIGH
Permissions, Privileges, and Access Controls (CWE-264)
2016-01-26 security@debian.org
7.8
CVSS 3.0 · NVD
Share

Severity by source

NVD PRIMARY
7.8 HIGH
AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Primary rating from NVD · only source for this CVE.

CVSS VectorNVD

CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Attack Vector
Local
Attack Complexity
Low
Privileges Required
Low
User Interaction
None
Scope
Unchanged
Confidentiality
High
Integrity
High
Availability
High

Lifecycle Timeline

1
CVE Published
Jan 26, 2016 - 19:59 cve.org
HIGH 7.8

DescriptionCVE.org

An unspecified udev rule in the Debian fuse package in jessie before 2.9.3-15+deb8u2, in stretch before 2.9.5-1, and in sid before 2.9.5-1 sets world-writable permissions for the /dev/cuse character device, which allows local users to gain privileges via a character device in /dev, related to an ioctl.

AnalysisAI

An unspecified udev rule in the Debian fuse package in jessie before 2.9.3-15+deb8u2, in stretch before 2.9.5-1, and in sid before 2.9.5-1 sets world-writable permissions for the /dev/cuse character. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Technical ContextAI

This vulnerability is classified under CWE-264. An unspecified udev rule in the Debian fuse package in jessie before 2.9.3-15+deb8u2, in stretch before 2.9.5-1, and in sid before 2.9.5-1 sets world-writable permissions for the /dev/cuse character device, which allows local users to gain privileges via a character device in /dev, related to an ioctl. Affected products include: Debian Fuse. Version information: before 2.9.3.

RemediationAI

No vendor patch is available at time of analysis. Monitor vendor advisories for updates. Apply vendor patches when available. Implement network segmentation and monitoring as interim mitigations.

More in Fuse

View all
CVE-2017-5645 CRITICAL POC
9.8 Apr 17

In Apache Log4j 2.x before 2.8.2, when using the TCP socket server or UDP socket server to receive serialized log events

CVE-2018-1270 CRITICAL POC
9.8 Apr 06

Spring Framework, versions 5.0 prior to 5.0.5 and versions 4.3 prior to 4.3.15 and older unsupported versions, allow app

CVE-2018-10906 HIGH POC
7.8 Jul 24

In fuse before versions 2.9.8 and 3.x before 3.2.5, fusermount is vulnerable to a restriction bypass when SELinux is act

CVE-2020-25689 MEDIUM POC
6.5 Nov 02

A memory leak flaw was found in WildFly in all versions up to 21.0.0.Final, where host-controller tries to reconnect in

CVE-2019-10219 MEDIUM POC
6.1 Nov 08

A vulnerability was found in Hibernate-Validator. Rated medium severity (CVSS 6.1), this vulnerability is remotely explo

CVE-2025-12543 CRITICAL
9.6 Jan 07

Undertow HTTP server (used in WildFly, JBoss EAP) fails to validate Host headers, enabling cache poisoning, internal net

CVE-2019-10174 HIGH
8.8 Nov 25

A vulnerability was found in Infinispan such that the invokeAccessibly method from the public class ReflectionUtil allow

CVE-2018-1258 HIGH
8.8 May 11

Spring Framework version 5.0.5 when used in combination with any versions of Spring Security contains an authorization b

CVE-2017-7957 HIGH
7.5 Apr 29

XStream through 1.4.9, when a certain denyTypes workaround is not used, mishandles attempts to create an instance of the

CVE-2019-0204 HIGH
7.8 Mar 25

A specifically crafted Docker image running under the root user can overwrite the init helper binary of the container ru

CVE-2025-9784 HIGH
7.5 Sep 02

Undertow, a Java web server used across Red Hat's JBoss Enterprise Application Platform, Fuse, and other middleware prod

CVE-2015-3202 LOW POC
3.6 Jul 02

fusermount in FUSE before 2.9.3-15 does not properly clear the environment before invoking (1) mount or (2) umount as ro

Share

CVE-2016-1233 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy