16 matches found
SUSE SLED12 Security Update : ntfs-3g_ntfsprogs (SUSE-SU-2018:3587-2)
This update for ntfs-3gntfsprogs fixes the following issues : CVE-2017-0358: Missing sanitization of the environment during a call to modprobe allowed local users to escalate fo root privilege bsc1022500 Note that Tenable Network Security has extracted the preceding description block directly fro...
SUSE-SU-2018:3587-2 Security update for ntfs-3g_ntfsprogs
This update for ntfs-3gntfsprogs fixes the following issues: - CVE-2017-0358: Missing sanitization of the environment during a call to modprobe allowed local users to escalate fo root privilege bsc1022500...
Security update for ntfs-3g_ntfsprogs (low)
This update for ntfs-3gntfsprogs fixes the following issues: - CVE-2017-0358: Missing sanitization of the environment during a call to modprobe allowed local users to escalate fo root privilege bsc1022500 This update was imported from the SUSE:SLE-12:Update update project...
openSUSE Security Update : ntfs-3g_ntfsprogs (openSUSE-2018-1376)
This update for ntfs-3gntfsprogs fixes the following issues : - CVE-2017-0358: Missing sanitization of the environment during a call to modprobe allowed local users to escalate fo root privilege bsc1022500 This update was imported from the SUSE:SLE-12:Update update project. %NASLMINLEVEL 70300 C...
openSUSE: Security Advisory for ntfs-3g_ntfsprogs (openSUSE-SU-2018:3696-1)
The remote host is missing an update for the Copyright C 2018 Greenbone Networks GmbH Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later This program is free software; you can...
SUSE SLED12 Security Update : ntfs-3g_ntfsprogs (SUSE-SU-2018:3587-1)
This update for ntfs-3gntfsprogs fixes the following issues : CVE-2017-0358: Missing sanitization of the environment during a call to modprobe allowed local users to escalate fo root privilege bsc1022500 Note that Tenable Network Security has extracted the preceding description block directly fro...
SUSE-SU-2018:2070-1 Security update for ntfs-3g
This update for ntfs-3g fixes the following issues: - CVE-2017-0358: Missing sanitization of the environment during a call to modprobe allowed local users to escalate fo root privilege bsc1022500...
Immunity Canvas: NTFS3G_MODPROBE
Name| ntfs3gmodprobe ---|--- CVE| CVE-2017-0358 Exploit Pack| CANVAS Description| ntfs-3g local privilege escalation Notes| CVE Name: CVE-2017-0358 VENDOR: GNU Notes: Tested and working on: Debian 8.8 jessie 64 bits Linux 3.16.0-4-amd64 1 SMP Debian 3.16.43-2+deb8u2 2017-06-26 x8664 GNU/Linux...
CVE-2017-0358
NTFS-3G, the read-write NTFS driver for FUSE, is affected by CVE-2017-0358: it does not scrub the environment before invoking modprobe, enabling a local user to escalate to root. The issue is documented in various advisories and mitigated by SUSE/openSUSE updates SUSE-SU-2018:3587-1/3587-2, which...
Debian: Security Advisory (DLA-815-1)
The remote host is missing an update for the Debian SPDX-FileCopyrightText: 2018 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
Debian/Ubuntu ntfs-3g Local Privilege Escalation
This module requires Metasploit: http://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework require 'msf/core' class MetasploitModule 'Debian/Ubuntu ntfs-3g Local Privilege Escalation', 'Description' = %q ntfs-3g mount helper in Ubuntu 16.04, 16.10, Debian 7, 8,...
Debian/Ubuntu ntfs-3g Local Privilege Escalation
ntfs-3g mount helper in Ubuntu 16.04, 16.10, Debian 7, 8, and possibly 9 does not properly sanitize the environment when executing modprobe. This can be abused to load a kernel module and execute a binary payload as the root user. This module requires Metasploit: https://metasploit.com/download...
ntfs-3g - Unsanitized modprobe mention the right Vulnerability( CVE-2017-0358)
Source: https://bugs.chromium.org/p/project-zero/issues/detail?id=1072 ntfs-3g is installed by default e.g. on Ubuntu and comes with a setuid root program /bin/ntfs-3g. When this program is invoked on a system whose kernel does not support FUSE filesystems detected by getfusefstype, ntfs-3g...
CVE-2017-0358
creationtimestamp| type| source ---|---|--- 2017-02-14 00:00:00+00:00| exploited| https://www.exploit-db.com/exploits/41356 2018-05-29 15:50:33+00:00| seen| https://github.com/rapid7/metasploit-framework/blob/master/modules/exploits/linux/local/ntfs3gprivesc.rb 2025-02-06 03:13:43+00:00| seen|...
[SECURITY] [DLA 815-1] ntfs-3g security update
Package : ntfs-3g Version : 1:2012.1.15AR.5-2.1+deb7u3 CVE ID : CVE-2017-0358 Jann Horn of Google Project Zero discovered that NTFS-3G, a read-write NTFS driver for FUSE, does not scrub the environment before executing modprobe with elevated privileges. A local user can take advantage of this fla...
[SECURITY] [DSA 3780-1] ntfs-3g security update
------------------------------------------------------------------------- Debian Security Advisory DSA-3780-1 [email protected] https://www.debian.org/security/ Moritz Muehlenhoff February 01, 2017 https://www.debian.org/security/faq -...