Jann Horn of Google Project Zero discovered that NTFS-3G, a read-write NTFS driver for FUSE, does not scrub the environment before executing modprobe with elevated privileges. A local user can take advantage of this flaw for local root privilege escalation.
CPE | Name | Operator | Version |
---|---|---|---|
debian_linux | eq | 8.0 | |
ntfs-3g | le | 2016.2.22 |