CVE-2017-0358

ntfs-3g: Modprobe influence vulnerability via environment variables

CVSS 7.8 HIGHEPSS 2.3%CWE-269

Vexday Risk Score

41Attention

SSVC decision (CISA)

Attend

PoC available → attend closely

CVSS 7.8EPSS 2.3%KEV nãoPoC públicaPatch referenciado

Lifecycle

03 Feb 2017Public PoC

13 Apr 2018Published on NVD

Recommendation: Plan a near-term fix — a public PoC already exists.

Jann Horn of Google Project Zero discovered that NTFS-3G, a read-write NTFS driver for FUSE, does not scrub the environment before executing modprobe with elevated privileges. A local user can take advantage of this flaw for local root privilege escalation.

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Affected products

ntfs-3g · ntfs-3g

public PoCs found — 5

githubgithub.com/Wangsafz/cve-2017-0358.sh★ 0 cve_referencewww.exploit-db.com/exploits/41240/unverified cve_referencewww.exploit-db.com/exploits/41356/unverified exploitdbwww.exploit-db.com/exploits/41240unverified exploitdbwww.exploit-db.com/exploits/41356unverified

⚠ Public resources, to assess the exposure of systems you control or are authorized to test. Test only with authorization.

Want to know if your infrastructure is exposed to this?

Talk to TrueHacking →

References

https://marc.info/?l=oss-security&m=148594671929354&w=2 https://security.gentoo.org/glsa/201702-10 https://www.debian.org/security/2017/dsa-3780 https://www.exploit-db.com/exploits/41240/https://www.exploit-db.com/exploits/41356/http://www.openwall.com/lists/oss-security/2017/02/04/1 http://www.securityfocus.com/bid/95987