All errata/sisyphus/ALT-PU-2017-1420-1
ALT-PU-2017-1420-1

Package update ntfs-3g in branch sisyphus

Version2017.3.23-alt1
Task#181218
Published2017-04-04
Max severityHIGH
Severity:

Closed issues (1)

CVE-2017-0358
HIGH7.8

Jann Horn of Google Project Zero discovered that NTFS-3G, a read-write NTFS driver for FUSE, does not scrub the environment before executing modprobe with elevated privileges. A local user can take advantage of this flaw for local root privilege escalation.

Published: 2018-04-13Modified: 2025-12-04
CVSS 2.0HIGH 7.2
CVSS:2.0/AV:L/AC:L/Au:N/C:C/I:C/A:C
CVSS 3.xHIGH 7.8
CVSS:3.x/CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
References