PT-2018-2713 · Tuxera+7 · Ntfs-3G+7

Published: 2018-12-19 · Updated: 2022-07-14 · CVE-2019-9755

CVSS v3.1: 7.0 (High)

Vector: AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions

ntfs-3g version 2017.3.23

Description

An integer underflow issue exists in ntfs-3g, which could be exploited by a local attacker to cause a heap buffer overflow. This could result in a crash or the ability to execute arbitrary code. In installations where /bin/ntfs-3g is a setuid-root binary, this could lead to a local escalation of privileges.

Recommendations

For ntfs-3g version 2017.3.23, consider restricting access to the /bin/ntfs-3g binary to minimize the risk of exploitation until a patch is available. As a temporary workaround, avoid running /bin/ntfs-3g with specially crafted arguments from specially crafted directories. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Buffer Overflow

Memory Corruption

Integer Underflow

Weakness Enumeration

Related Identifiers

ALSA-2019:3345
ALT-PU-2020-3107
ALT-PU-2021-2673
ALT-PU-2021-2730
ALT-PU-2021-2767
ALT-PU-2022-2244
AZL-6747
AZL-7293
BDU:2019-01549
CESA-2019_2308
CESA-2019_3345
CVE-2019-9755
DLA-1724-1
DSA-4413-1
OPENSUSE-SU-2019:1314-1
OPENSUSE-SU-2019_1313-1
OPENSUSE-SU-2019_1314-1
OPENSUSE-SU-2021:1244-1
OPENSUSE-SU-2021:2971-1
OPENSUSE-SU-2021_1244-1
OPENSUSE-SU-2021_2971-1
RHSA-2019:2308
RHSA-2019:3345
RHSA-2019_2308
RHSA-2019_3345
RLSA-2019:3345
SUSE-SU-2019:1000-1
SUSE-SU-2019:1001-1
SUSE-SU-2019_1000-1
SUSE-SU-2019_1001-1
SUSE-SU-2021:2965-1
SUSE-SU-2021:2971-1
USN-3914-1
USN-3914-2

Affected Products

Alt Linux
Almalinux
Centos
Red Hat
Rocky Linux
Suse
Ubuntu
Ntfs-3G