Описание
An integer underflow issue exists in ntfs-3g 2017.3.23. A local attacker could potentially exploit this by running /bin/ntfs-3g with specially crafted arguments from a specially crafted directory to cause a heap buffer overflow, resulting in a crash or the ability to execute arbitrary code. In installations where /bin/ntfs-3g is a setuid-root binary, this could lead to a local escalation of privileges.
Отчет
This flaw has a lower impact on Red Hat Enterprise Linux because the ntfs-3g tool is run in a supermin appliance, which is similar to a virtual machine instantiated on the fly, and it does not have the SUID bit set. Thus an attacker is very limited on what he can do to the vulnerable system.
Затронутые пакеты
| Платформа | Пакет | Состояние | Рекомендация | Релиз |
|---|---|---|---|---|
| Red Hat Enterprise Linux 6 | libguestfs-winsupport | Will not fix | ||
| Red Hat Enterprise Linux 8 Advanced Virtualization | virt:8.0.0/libguestfs-winsupport | Affected | ||
| Advanced Virtualization for RHEL 8.1.0 | virt | Fixed | RHBA-2019:3723 | 06.11.2019 |
| Advanced Virtualization for RHEL 8.1.0 | virt-devel | Fixed | RHBA-2019:3723 | 06.11.2019 |
| Red Hat Enterprise Linux 7 | libguestfs-winsupport | Fixed | RHSA-2019:2308 | 06.08.2019 |
| Red Hat Enterprise Linux 8 | virt-devel | Fixed | RHSA-2019:3345 | 05.11.2019 |
| Red Hat Enterprise Linux 8 | virt | Fixed | RHSA-2019:3345 | 05.11.2019 |
Показывать по
Дополнительная информация
Статус:
3.3 Low
CVSS3
Связанные уязвимости
An integer underflow issue exists in ntfs-3g 2017.3.23. A local attacker could potentially exploit this by running /bin/ntfs-3g with specially crafted arguments from a specially crafted directory to cause a heap buffer overflow, resulting in a crash or the ability to execute arbitrary code. In installations where /bin/ntfs-3g is a setuid-root binary, this could lead to a local escalation of privileges.
An integer underflow issue exists in ntfs-3g 2017.3.23. A local attacker could potentially exploit this by running /bin/ntfs-3g with specially crafted arguments from a specially crafted directory to cause a heap buffer overflow, resulting in a crash or the ability to execute arbitrary code. In installations where /bin/ntfs-3g is a setuid-root binary, this could lead to a local escalation of privileges.
An integer underflow issue exists in ntfs-3g 2017.3.23. A local attack ...
3.3 Low
CVSS3