Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

redhat логотип

CVE-2019-9755

Опубликовано: 21 мар. 2019
Источник: redhat
CVSS3: 3.3
EPSS Низкий

Описание

An integer underflow issue exists in ntfs-3g 2017.3.23. A local attacker could potentially exploit this by running /bin/ntfs-3g with specially crafted arguments from a specially crafted directory to cause a heap buffer overflow, resulting in a crash or the ability to execute arbitrary code. In installations where /bin/ntfs-3g is a setuid-root binary, this could lead to a local escalation of privileges.

Отчет

This flaw has a lower impact on Red Hat Enterprise Linux because the ntfs-3g tool is run in a supermin appliance, which is similar to a virtual machine instantiated on the fly, and it does not have the SUID bit set. Thus an attacker is very limited on what he can do to the vulnerable system.

Затронутые пакеты

ПлатформаПакетСостояниеРекомендацияРелиз
Red Hat Enterprise Linux 6libguestfs-winsupportWill not fix
Red Hat Enterprise Linux 8 Advanced Virtualizationvirt:8.0.0/libguestfs-winsupportAffected
Advanced Virtualization for RHEL 8.1.0virtFixedRHBA-2019:372306.11.2019
Advanced Virtualization for RHEL 8.1.0virt-develFixedRHBA-2019:372306.11.2019
Red Hat Enterprise Linux 7libguestfs-winsupportFixedRHSA-2019:230806.08.2019
Red Hat Enterprise Linux 8virt-develFixedRHSA-2019:334505.11.2019
Red Hat Enterprise Linux 8virtFixedRHSA-2019:334505.11.2019

Показывать по

Ссылки на источники

Дополнительная информация

Статус:

Low
Дефект:
CWE-122
https://bugzilla.redhat.com/show_bug.cgi?id=1691624ntfs-3g: heap-based buffer overflow leads to local root privilege escalation

EPSS

Процентиль: 56%
0.00342
Низкий

3.3 Low

CVSS3

Связанные уязвимости

ubuntu логотип

CVE-2019-9755

CVSS3: 7
ubuntu
около 6 лет назад

An integer underflow issue exists in ntfs-3g 2017.3.23. A local attacker could potentially exploit this by running /bin/ntfs-3g with specially crafted arguments from a specially crafted directory to cause a heap buffer overflow, resulting in a crash or the ability to execute arbitrary code. In installations where /bin/ntfs-3g is a setuid-root binary, this could lead to a local escalation of privileges.

nvd логотип

CVE-2019-9755

CVSS3: 7
nvd
около 6 лет назад

An integer underflow issue exists in ntfs-3g 2017.3.23. A local attacker could potentially exploit this by running /bin/ntfs-3g with specially crafted arguments from a specially crafted directory to cause a heap buffer overflow, resulting in a crash or the ability to execute arbitrary code. In installations where /bin/ntfs-3g is a setuid-root binary, this could lead to a local escalation of privileges.

msrc логотип

CVE-2019-9755

CVSS3: 7
msrc
больше 3 лет назад

Описание отсутствует

debian логотип

CVE-2019-9755

CVSS3: 7
debian
около 6 лет назад

An integer underflow issue exists in ntfs-3g 2017.3.23. A local attack ...

suse-cvrf логотип

openSUSE-SU-2019:1314-1

suse-cvrf
около 6 лет назад

Security update for ntfs-3g_ntfsprogs

EPSS

Процентиль: 56%
0.00342
Низкий

3.3 Low

CVSS3