Описание
Jann Horn of Google Project Zero discovered that NTFS-3G, a read-write NTFS driver for FUSE, does not scrub the environment before executing modprobe with elevated privileges. A local user can take advantage of this flaw for local root privilege escalation.
| Релиз | Статус | Примечание |
|---|---|---|
| devel | not-affected | 1:2016.2.22AR.1-4 |
| esm-infra-legacy/trusty | not-affected | ntfs-3g not installed with setuid bit |
| esm-infra/xenial | released | 1:2015.3.14AR.1-1ubuntu0.1 |
| precise | not-affected | ntfs-3g not installed with setuid bit |
| trusty | not-affected | ntfs-3g not installed with setuid bit |
| trusty/esm | not-affected | ntfs-3g not installed with setuid bit |
| upstream | released | 1:2016.2.22AR.1-4 |
| vivid/stable-phone-overlay | DNE | |
| vivid/ubuntu-core | DNE | |
| xenial | released | 1:2015.3.14AR.1-1ubuntu0.1 |
Показывать по
EPSS
7.2 High
CVSS2
7.8 High
CVSS3
Связанные уязвимости
Jann Horn of Google Project Zero discovered that NTFS-3G, a read-write NTFS driver for FUSE, does not scrub the environment before executing modprobe with elevated privileges. A local user can take advantage of this flaw for local root privilege escalation.
Jann Horn of Google Project Zero discovered that NTFS-3G, a read-write ...
EPSS
7.2 High
CVSS2
7.8 High
CVSS3