Lucene search

K
ubuntuUbuntuUSN-2617-3
HistoryMay 27, 2015 - 12:00 a.m.

NTFS-3G vulnerability

2015-05-2700:00:00
ubuntu.com
29

CVSS2

3.6

Attack Vector

LOCAL

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:L/AC:L/Au:N/C:N/I:P/A:P

AI Score

6.6

Confidence

High

EPSS

0

Percentile

0.4%

Releases

  • Ubuntu 15.04

Packages

  • ntfs-3g - read/write NTFS driver for FUSE

Details

USN-2617-1 fixed a vulnerability in NTFS-3G. The original patch did not
completely address the issue. This update fixes the problem.

Original advisory details:

Tavis Ormandy discovered that FUSE incorrectly filtered environment
variables. A local attacker could use this issue to gain administrative
privileges.

OSVersionArchitecturePackageVersionFilename
Ubuntu15.04noarchntfs-3g< 1:2014.2.15AR.3-1ubuntu0.2UNKNOWN
Ubuntu15.04noarchntfs-3g-dbg< 1:2014.2.15AR.3-1ubuntu0.2UNKNOWN
Ubuntu15.04noarchntfs-3g-dbgsym< 1:2014.2.15AR.3-1ubuntu0.2UNKNOWN
Ubuntu15.04noarchntfs-3g-dev< 1:2014.2.15AR.3-1ubuntu0.2UNKNOWN
Ubuntu15.04noarchntfs-3g-dev-dbgsym< 1:2014.2.15AR.3-1ubuntu0.2UNKNOWN
Ubuntu15.04noarchntfs-3g-udeb< 1:2014.2.15AR.3-1ubuntu0.2UNKNOWN
Ubuntu15.04noarchntfs-3g-udeb-dbgsym< 1:2014.2.15AR.3-1ubuntu0.2UNKNOWN

CVSS2

3.6

Attack Vector

LOCAL

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:L/AC:L/Au:N/C:N/I:P/A:P

AI Score

6.6

Confidence

High

EPSS

0

Percentile

0.4%