Description: Follow Jeff Ferrell on twitter @jeffxf
The FUSE vulnerability, CVE-2015-3202 allows a normal user to rewrite arbitrary files. One option, as pointed out by Tavis, is to rewrite /etc/bash.bashrc to set the setuid bit for /bin/dash allowing normal users on the host to run commands with elevated privileges.
Research / Information obtained from Tavis Ormandy via:
http://seclists.org/oss-sec/2015/q2/520
https://gist.github.com/taviso/ecb70eb12d461dd85cba
Tags:
Disclaimer: We are a infosec video aggregator and this video is linked from an external website. The original author may be different from the user re-posting/linking it here. Please do not assume the authors to be same without verifying.