The 'fusermount' binary, part of the FUSE system in Linux, executes the /bin/mount binary with ruid set to 0 without clearing the environment variables provided by unprivileged users. This flaw can be leveraged by local unprivileged users to gain root privileges by leveraging the functionality provided by the LIBMOUNT_MTAB environment variable to overwrite an arbitrary file on the affected system. This module will try to overwrite the /etc/bash.bashrc file, which is executed every time any user spawns an interactive Bash shell. That means that a new agent will be deployed every time any user opens a new interactive shell (either login or non-login ones) on the vulnerable machine. Note that this also means that installed agents will run with the privileges of the users that have launched interactive shells. Unlike other privilege escalation exploits, this module will not stop after installing the first agent; it will stay running until a new agent with root permissions is installed (that is, if the root user happens to run an interactive shell on the vulnerable machine), or until the user-specified time limit is reached, whatever happens first. Note that non-root agents will be kept, since they still can be valuable despite not having superuser privileges.
CVE Link
Exploit Platform
Exploit Type
Product Name