PT-2018-2713 · Tuxera+7 · Ntfs-3G+7
Published: 2018-12-19 · Updated: 2022-07-14 · CVE-2019-9755
CVSS v3.1: 7.0 (High)
Vector: AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
Name of the Vulnerable Software and Affected Versions
ntfs-3g version 2017.3.23
Description
An integer underflow issue exists in ntfs-3g, which could be exploited by a local attacker to cause a heap buffer overflow. This could result in a crash or the ability to execute arbitrary code. In installations where /bin/ntfs-3g is a setuid-root binary, this could lead to a local escalation of privileges.
Recommendations
For ntfs-3g version 2017.3.23, consider restricting access to the /bin/ntfs-3g binary to minimize the risk of exploitation until a patch is available. As a temporary workaround, avoid running /bin/ntfs-3g with specially crafted arguments from specially crafted directories. At the moment, there is no information about a newer version that contains a fix for this vulnerability.
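A check for the exposure described above, as an added example that is not part of the original advisory: it reports whether an ntfs-3g binary is setuid-root and whether every local user can execute it. The function name audit_ntfs3g and its result labels are hypothetical; reading "restricting access" as clearing the setuid bit or the world-execute bit is an assumption.

```shell
#!/bin/sh
# Added example (not from the advisory): classify how exposed an ntfs-3g
# binary is. audit_ntfs3g and its result labels are hypothetical names.

audit_ntfs3g() {
    p=$1
    if [ ! -e "$p" ]; then echo "missing"; return 0; fi
    # Without the setuid bit the binary runs with the caller's own privileges.
    if [ ! -u "$p" ]; then echo "not-setuid"; return 0; fi

    # -n numeric owner, -L follow symlinks, -d do not list directory contents
    line=$(ls -lnLd -- "$p")
    perms=${line%% *}
    uid=$(printf '%s\n' "$line" | awk '{print $3}')

    if [ "$uid" != "0" ]; then echo "setuid-nonroot"; return 0; fi

    # The tenth character of the mode string is the "other" execute bit (x or t).
    case $perms in
        ?????????[xt]*) echo "setuid-root-world-exec" ;;  # any local user can run it as root
        *)              echo "setuid-root-restricted" ;;  # only owner/group can run it
    esac
}

# Default to the path named in the advisory; other paths may be passed as arguments.
for bin in "${@:-/bin/ntfs-3g}"; do
    printf '%s: %s\n' "$bin" "$(audit_ntfs3g "$bin")"
done
```

A result of setuid-root-world-exec is the configuration in which the privilege escalation described above is reachable by any local account.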
Buffer Overflow
Memory Corruption
Integer Underflow
Affected products
Alt Linux
Almalinux
Centos
Red Hat
Rocky Linux
Suse
Ubuntu
Ntfs-3G