ALT-PU-2020-3107-1
Closed vulnerabilities
Published: 2019-04-25
Modified: 2024-09-30
Modified: 2024-09-30
BDU:2019-01549
Уязвимость драйвера NTFS-3G файловой системы NTFS для модуля FUSE ядер Unix-подобных операционных систем, связанная с переполнением буфера кучи, позволяющая нарушителю повысить привилегии до уровня суперпользователя
Severity: MEDIUM (5.5)
Vector: AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
Severity: MEDIUM (4.6)
Vector: AV:L/AC:L/Au:S/C:N/I:N/A:C
References:
Published: 2019-06-05
Modified: 2024-11-21
Modified: 2024-11-21
CVE-2019-9755
An integer underflow issue exists in ntfs-3g 2017.3.23. A local attacker could potentially exploit this by running /bin/ntfs-3g with specially crafted arguments from a specially crafted directory to cause a heap buffer overflow, resulting in a crash or the ability to execute arbitrary code. In installations where /bin/ntfs-3g is a setuid-root binary, this could lead to a local escalation of privileges.
Severity: MEDIUM (4.4)
Vector: AV:L/AC:M/Au:N/C:P/I:P/A:P
Severity: HIGH (7.0)
Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
References:
- https://access.redhat.com/errata/RHBA-2019:3723
- https://access.redhat.com/errata/RHSA-2019:2308
- https://access.redhat.com/errata/RHSA-2019:3345
- https://security.gentoo.org/glsa/202007-45
- https://www.tuxera.com/community/release-history/
- https://access.redhat.com/errata/RHBA-2019:3723
- https://access.redhat.com/errata/RHSA-2019:2308
- https://access.redhat.com/errata/RHSA-2019:3345
- https://security.gentoo.org/glsa/202007-45
- https://www.tuxera.com/community/release-history/