CVE-2017-0358
Description
Jann Horn of Google Project Zero discovered that NTFS-3G, a read-write NTFS driver for FUSE, does not scrub the environment before executing modprobe with elevated privileges. A local user can take advantage of this flaw for local root privilege escalation.
Risk Information
Base Score
7.8
MODERATE
Vector
CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
EPSS Score
Exploitation Probability
7.546
Associated Vulnerability
| Vulnerability | OS Platform |
|---|---|
| read/write NTFS driver for FUSE (USN-3182-1) ntfs-3g_2015.3.14AR.1-1ubuntu0.1_i386.deb | Linux |
| read/write NTFS driver for FUSE (USN-3182-1) ntfs-3g_2015.3.14AR.1-1ubuntu0.1_amd64.deb | Linux |
| read/write NTFS driver for FUSE (USN-3182-1) ntfs-3g_2016.2.22AR.1-3ubuntu0.1_i386.deb | Linux |
| read/write NTFS driver for FUSE (USN-3182-1) ntfs-3g_2016.2.22AR.1-3ubuntu0.1_amd64.deb | Linux |
| ntfs-3g security update(DSA-3268-2) ntfs-3g_2016.2.22AR.1-3_i386.deb | Linux |
| ntfs-3g security update(DSA-3268-2) ntfs-3g_2016.2.22AR.1-3_amd64.deb | Linux |
| ntfs-3g security update(DSA-3780-1) ntfs-3g_2016.2.22AR.1-3_i386.deb | Linux |
| ntfs-3g security update(DSA-3780-1) ntfs-3g_2016.2.22AR.1-3_amd64.deb | Linux |
| SUSE-SU-2018:3587-1(SUSE Linux Enterprise Desktop 12-SP3 ) libntfs-3g84-2013.1.13-5.3.1.x86_64.rpm | Linux |
| SUSE-SU-2018:3587-1(SUSE Linux Enterprise Desktop 12-SP3 ) libntfs-3g84-debuginfo-2013.1.13-5.3.1.x86_64.rpm | Linux |
| SUSE-SU-2018:3587-1(SUSE Linux Enterprise Desktop 12-SP3 ) ntfs-3g-2013.1.13-5.3.1.x86_64.rpm | Linux |
| SUSE-SU-2018:3587-1(SUSE Linux Enterprise Desktop 12-SP3 ) ntfs-3g-debuginfo-2013.1.13-5.3.1.x86_64.rpm | Linux |
| SUSE-SU-2018:3587-1(SUSE Linux Enterprise Desktop 12-SP3 ) ntfs-3g_ntfsprogs-debugsource-2013.1.13-5.3.1.x86_64.rpm | Linux |
| SUSE-SU-2018:3587-1(SUSE Linux Enterprise Desktop 12-SP3 ) ntfsprogs-2013.1.13-5.3.1.x86_64.rpm | Linux |
| SUSE-SU-2018:3587-1(SUSE Linux Enterprise Desktop 12-SP3 ) ntfsprogs-debuginfo-2013.1.13-5.3.1.x86_64.rpm | Linux |
| SUSE-SU-2018:3587-2(SUSE Linux Enterprise Desktop 12-SP4 ) libntfs-3g84-2013.1.13-5.3.1.x86_64.rpm | Linux |
| SUSE-SU-2018:3587-2(SUSE Linux Enterprise Desktop 12-SP4 ) libntfs-3g84-debuginfo-2013.1.13-5.3.1.x86_64.rpm | Linux |
| SUSE-SU-2018:3587-2(SUSE Linux Enterprise Desktop 12-SP4 ) ntfs-3g-2013.1.13-5.3.1.x86_64.rpm | Linux |
| SUSE-SU-2018:3587-2(SUSE Linux Enterprise Desktop 12-SP4 ) ntfs-3g-debuginfo-2013.1.13-5.3.1.x86_64.rpm | Linux |
| SUSE-SU-2018:3587-2(SUSE Linux Enterprise Desktop 12-SP4 ) ntfs-3g_ntfsprogs-debugsource-2013.1.13-5.3.1.x86_64.rpm | Linux |
| SUSE-SU-2018:3587-2(SUSE Linux Enterprise Desktop 12-SP4 ) ntfsprogs-2013.1.13-5.3.1.x86_64.rpm | Linux |
| SUSE-SU-2018:3587-2(SUSE Linux Enterprise Desktop 12-SP4 ) ntfsprogs-debuginfo-2013.1.13-5.3.1.x86_64.rpm | Linux |
Patch Details
No records foundReferences
https://nvd.nist.gov/vuln/detail/CVE-2023-1234
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-1234