Roman Fiedler

**Name of the Vulnerable Software and Affected Versions** NTFS-3G versions through 2021.8.22 **Description** The issue is related to an invalid return code in the `fuse kern mount` function of the libfuse-lite library for the NTFS-3G file system, which enables the interception of libfuse-lite protocol traffic between NTFS-3G and the kernel. Exploitation of this issue may allow an attacker to execute arbitrary code with elevated privileges using a specially crafted request. **Recommendations** For NTFS-3G versions through 2021.8.22, consider disabling the `fuse kern mount` function as a temporary workaround until a patch is available. Restrict access to the libfuse-lite protocol to minimize the risk of exploitation. Avoid using the vulnerable function until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** NTFS-3G versions through 2021.8.22 **Description** The issue is related to a buffer overflow vulnerability in the NTFS file system descriptor for the FUSE NTFS-3G module, allowing arbitrary memory read and write operations. This can be exploited by an attacker to execute arbitrary code with elevated privileges using a specially crafted request. A file handle created in `fuse lib opendir` and later used in `fuse lib readdir` enables these operations when using libfuse-lite. **Recommendations** For NTFS-3G versions through 2021.8.22, consider disabling the `fuse lib readdir` function when using libfuse-lite until a patch is available to prevent arbitrary memory read and write operations. Restrict access to the `fuse lib opendir` function to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** NTFS-3G versions through 2021.8.22 when using libfuse-lite **Description** The issue is related to an integer underflow in the `fuse lib readdir` function of the libfuse-lite library for the NTFS file system in the FUSE NTFS-3G module. This can enable arbitrary memory read operations. Exploitation of the issue may allow an attacker to execute arbitrary code with elevated privileges using a specially crafted request. **Recommendations** For NTFS-3G versions through 2021.8.22 when using libfuse-lite, consider disabling the `fuse lib readdir` function as a temporary workaround until a patch is available. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** libX11 versions prior to 1.7.1 X.Org X versions through X11R7.7 **Description** The issue is related to insufficient input validation in the `XLookupColor()` function of the libX11 library. This can be exploited by an attacker to potentially execute arbitrary code, allowing them to take control of the running graphical session. The vulnerability arises when a client sends color-name requests with names longer than the maximum size allowed by the protocol, which are then interpreted by the server as additional X protocol requests. **Recommendations** For libX11 versions prior to 1.7.1, update to version 1.7.1 or later to resolve the issue. For X.Org X versions through X11R7.7, consider disabling the `XLookupColor()` function as a temporary workaround until a patch is available. Restrict access to the vulnerable `LookupCol.c` module to minimize the risk of exploitation. Avoid using the `XLookupColor` request with untrusted input until the issue is resolved.

**Name of the Vulnerable Software and Affected Versions** Firejail versions prior to 0.9.64.4 **Description** The issue is related to insufficient checking of the state of a shared resource in the OverlayFS SUID sandbox component of Firejail. This can allow an attacker to access confidential data, compromise its integrity, and cause a denial of service. The vulnerability is due to a TOCTOU race condition between a stat operation and an OverlayFS mount operation. Firejail uses mechanisms such as namespaces, AppArmor, and seccomp-bpf filtering in Linux for isolation, but it requires elevated privileges for setup, which it obtains through binding to the suid root utility or running via sudo. **Recommendations** For Firejail versions prior to 0.9.64.4, update to version 0.9.64.4 or later to resolve the issue. As a temporary workaround, consider restricting the use of the OverlayFS mount operation to minimize the risk of exploitation. Additionally, restrict access to the suid root utility or running Firejail via sudo to reduce the attack surface.

**Name of the Vulnerable Software and Affected Versions** lxc versions prior to 1.0.8 lxc versions 1.1.x prior to 1.1.4 **Description** The issue allows local container administrators to escape AppArmor confinement through a symlink attack. This can be achieved by targeting either a mount target or a bind mount source. **Recommendations** For versions prior to 1.0.8, update to version 1.0.8 or later. For versions 1.1.x prior to 1.1.4, update to version 1.1.4 or later.

**Name of the Vulnerable Software and Affected Versions** LXC versions 1.1.2 and earlier **Description** The issue allows local users to create arbitrary files via a symlink attack on /run/lock/lxc/*. **Recommendations** For LXC versions 1.1.2 and earlier, at the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** LXC versions 1.1.2 and earlier **Description** The issue allows local container users to escape AppArmor or SELinux confinement. This is achieved by mounting a proc filesystem with a crafted (1) AppArmor profile or (2) SELinux label. **Recommendations** For LXC versions 1.1.2 and earlier, consider disabling the use of the proc filesystem in containers until a patch is available. Restrict access to the attach.c module to minimize the risk of exploitation. Avoid using crafted AppArmor profiles or SELinux labels in the affected containers.