Opened 7 years ago
Closed 7 years ago
#8851 closed enhancement (fixed)
Generate ntfs-3g security patch (CVE-2017-0358)
| Reported by: | Douglas R. Reno | Owned by: | Douglas R. Reno |
|---|---|---|---|
| Priority: | high | Milestone: | 8.0 |
| Component: | BOOK | Version: | SVN |
| Severity: | normal | Keywords: | |
| Cc: |
Description
Check out the below links for more information. I might put out a detailed report later.
http://seclists.org/oss-sec/2017/q1/259
Jann Horn, Project Zero (Google) discovered that ntfs-3g, a read-write NTFS driver for FUSE does not not scrub the environment before executing modprobe to load the fuse module. This influence the behavior of modprobe (MODPROBE_OPTIONS environment variable, --config and --dirname options) potentially allowing for local root privilege escalation if ntfs-3g is installed setuid. This is the case for Debian, Ubuntu and probably Gentoo. This problem is in the source since 2008, maybe before. The fix is easy, use execle instead of execl and pass NULL as environment variables.
http://seclists.org/oss-sec/2017/q1/261
http://seclists.org/oss-sec/2017/q1/307
Exploit
We are affected by this because we change mount.ntfs to 4755 so that all users can mount a NTFS filesystem.
Change History (2)
comment:1 by , 7 years ago
| Owner: | changed from to |
|---|---|
| Status: | new → assigned |
comment:2 by , 7 years ago
| Resolution: | → fixed |
|---|---|
| Status: | assigned → closed |
Note:
See TracTickets
for help on using tickets.
Fixed at r18259