CVE-2017-0358 - Vulnerability Details - OpenCVE

Jann Horn of Google Project Zero discovered that NTFS-3G, a read-write NTFS driver for FUSE, does not scrub the environment before executing modprobe with elevated privileges. A local user can take advantage of this flaw for local root privilege escalation.

No CVSS v4.0

No CVSS v3.1

Attack Vector Local

Attack Complexity Low

Privileges Required Low

Scope Unchanged

Confidentiality Impact High

Integrity Impact High

Availability Impact High

User Interaction None

Access Vector Local

Access Complexity Low

Authentication None

Confidentiality Impact Complete

Integrity Impact Complete

Availability Impact Complete

This CVE is not in the KEV list.

The EPSS score is 0.15924.

Key SSVC decision points have not yet been added.

Vendors	Products
Debian	Debian Linux
Tuxera	Ntfs-3g

Configuration 1 [-]

cpe:2.3:a:tuxera:ntfs-3g:*:*:*:*:*:*:*:*

Configuration 2 [-]

cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*

No data.

No data.

Advisories

Source	ID	Title
Debian DLA	DLA-815-1	ntfs-3g security update
Debian DSA	DSA-3780-1	ntfs-3g security update
Ubuntu USN	USN-3182-1	NTFS-3G vulnerability

Fixes

Solution

No solution given by the vendor.

Workaround

No workaround given by the vendor.

References

Link	Providers
http://www.openwall.com/lists/oss-security/2017/02/04/1
http://www.securityfocus.com/bid/95987
https://marc.info/?l=oss-security&m=148594671929354&w=2
https://security.gentoo.org/glsa/201702-10
https://www.debian.org/security/2017/dsa-3780
https://www.exploit-db.com/exploits/41240/
https://www.exploit-db.com/exploits/41356/

History

No history.

MITRE

Status: PUBLISHED

Assigner: debian

Published: 2018-04-13T15:00:00Z

Updated: 2024-09-17T04:15:15.844Z

Reserved: 2016-11-29T00:00:00

Link: CVE-2017-0358

Vulnrichment

No data.

NVD

Status : Modified

Published: 2018-04-13T15:29:00.397

Modified: 2024-11-21T03:02:49.720

Link: CVE-2017-0358

Redhat

No data.

OpenCVE Enrichment

No data.

{"containers": {"cna": {"affected": [{"product": "ntfs-3g", "vendor": "ntfs-3g", "versions": [{"status": "affected", "version": "n/a"}]}], "credits": [{"lang": "en", "value": "Jann Horn of Google Project Zero"}], "datePublic": "2017-02-01T00:00:00", "descriptions": [{"lang": "en", "value": "Jann Horn of Google Project Zero discovered that NTFS-3G, a read-write NTFS driver for FUSE, does not scrub the environment before executing modprobe with elevated privileges. A local user can take advantage of this flaw for local root privilege escalation."}], "problemTypes": [{"descriptions": [{"description": "privilege escalation", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2018-12-17T12:57:01", "orgId": "79363d38-fa19-49d1-9214-5f28da3f3ac5", "shortName": "debian"}, "references": [{"name": "GLSA-201702-10", "tags": ["vendor-advisory", "x_refsource_GENTOO"], "url": "https://security.gentoo.org/glsa/201702-10"}, {"name": "DSA-3780", "tags": ["vendor-advisory", "x_refsource_DEBIAN"], "url": "https://www.debian.org/security/2017/dsa-3780"}, {"name": "41240", "tags": ["exploit", "x_refsource_EXPLOIT-DB"], "url": "https://www.exploit-db.com/exploits/41240/"}, {"name": "41356", "tags": ["exploit", "x_refsource_EXPLOIT-DB"], "url": "https://www.exploit-db.com/exploits/41356/"}, {"name": "95987", "tags": ["vdb-entry", "x_refsource_BID"], "url": "http://www.securityfocus.com/bid/95987"}, {"name": "[oss-security] 20170201 CVE-2017-0358 ntfs-3g: modprobe influence vulnerability via environment variables", "tags": ["mailing-list", "x_refsource_MLIST"], "url": "https://marc.info/?l=oss-security&m=148594671929354&w=2"}, {"name": "[oss-security] 20170203 Re: CVE-2017-0358 ntfs-3g: modprobe influence vulnerability via environment variables", "tags": ["mailing-list", "x_refsource_MLIST"], "url": "http://www.openwall.com/lists/oss-security/2017/02/04/1"}], "source": {"advisory": "https://marc.info/?l=oss-security&m=148594671929354&w=2", "discovery": "UNKNOWN"}, "title": "ntfs-3g: Modprobe influence vulnerability via environment variables", "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "security@debian.org", "DATE_PUBLIC": "2017-02-01T05:44:00.000Z", "ID": "CVE-2017-0358", "STATE": "PUBLIC", "TITLE": "ntfs-3g: Modprobe influence vulnerability via environment variables"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "ntfs-3g", "version": {"version_data": [{"version_value": "n/a"}]}}]}, "vendor_name": "ntfs-3g"}]}}, "credit": [{"lang": "eng", "value": "Jann Horn of Google Project Zero"}], "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "Jann Horn of Google Project Zero discovered that NTFS-3G, a read-write NTFS driver for FUSE, does not scrub the environment before executing modprobe with elevated privileges. A local user can take advantage of this flaw for local root privilege escalation."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "privilege escalation"}]}]}, "references": {"reference_data": [{"name": "GLSA-201702-10", "refsource": "GENTOO", "url": "https://security.gentoo.org/glsa/201702-10"}, {"name": "DSA-3780", "refsource": "DEBIAN", "url": "https://www.debian.org/security/2017/dsa-3780"}, {"name": "41240", "refsource": "EXPLOIT-DB", "url": "https://www.exploit-db.com/exploits/41240/"}, {"name": "41356", "refsource": "EXPLOIT-DB", "url": "https://www.exploit-db.com/exploits/41356/"}, {"name": "95987", "refsource": "BID", "url": "http://www.securityfocus.com/bid/95987"}, {"name": "[oss-security] 20170201 CVE-2017-0358 ntfs-3g: modprobe influence vulnerability via environment variables", "refsource": "MLIST", "url": "https://marc.info/?l=oss-security&m=148594671929354&w=2"}, {"name": "[oss-security] 20170203 Re: CVE-2017-0358 ntfs-3g: modprobe influence vulnerability via environment variables", "refsource": "MLIST", "url": "http://www.openwall.com/lists/oss-security/2017/02/04/1"}]}, "source": {"advisory": "https://marc.info/?l=oss-security&m=148594671929354&w=2", "discovery": "UNKNOWN"}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-05T13:03:56.587Z"}, "title": "CVE Program Container", "references": [{"name": "GLSA-201702-10", "tags": ["vendor-advisory", "x_refsource_GENTOO", "x_transferred"], "url": "https://security.gentoo.org/glsa/201702-10"}, {"name": "DSA-3780", "tags": ["vendor-advisory", "x_refsource_DEBIAN", "x_transferred"], "url": "https://www.debian.org/security/2017/dsa-3780"}, {"name": "41240", "tags": ["exploit", "x_refsource_EXPLOIT-DB", "x_transferred"], "url": "https://www.exploit-db.com/exploits/41240/"}, {"name": "41356", "tags": ["exploit", "x_refsource_EXPLOIT-DB", "x_transferred"], "url": "https://www.exploit-db.com/exploits/41356/"}, {"name": "95987", "tags": ["vdb-entry", "x_refsource_BID", "x_transferred"], "url": "http://www.securityfocus.com/bid/95987"}, {"name": "[oss-security] 20170201 CVE-2017-0358 ntfs-3g: modprobe influence vulnerability via environment variables", "tags": ["mailing-list", "x_refsource_MLIST", "x_transferred"], "url": "https://marc.info/?l=oss-security&m=148594671929354&w=2"}, {"name": "[oss-security] 20170203 Re: CVE-2017-0358 ntfs-3g: modprobe influence vulnerability via environment variables", "tags": ["mailing-list", "x_refsource_MLIST", "x_transferred"], "url": "http://www.openwall.com/lists/oss-security/2017/02/04/1"}]}]}, "cveMetadata": {"assignerOrgId": "79363d38-fa19-49d1-9214-5f28da3f3ac5", "assignerShortName": "debian", "cveId": "CVE-2017-0358", "datePublished": "2018-04-13T15:00:00Z", "dateReserved": "2016-11-29T00:00:00", "dateUpdated": "2024-09-17T04:15:15.844Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:tuxera:ntfs-3g:*:*:*:*:*:*:*:*", "matchCriteriaId": "251D763B-8EFE-4E2C-99D3-B905CF54E117", "versionEndIncluding": "2016.2.22", "vulnerable": true}], "negate": false, "operator": "OR"}]}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*", "matchCriteriaId": "C11E6FB0-C8C0-4527-9AA0-CB9B316F8F43", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "descriptions": [{"lang": "en", "value": "Jann Horn of Google Project Zero discovered that NTFS-3G, a read-write NTFS driver for FUSE, does not scrub the environment before executing modprobe with elevated privileges. A local user can take advantage of this flaw for local root privilege escalation."}, {"lang": "es", "value": "Jann Horn, de Google Project Zero, descubri\u00f3 que NTFS-3G, un controlador NTFS de lectura-escritura para FUSE, no limpia en profundidad el entorno antes de ejecutar modprobe con privilegios elevados. Un usuario local puede aprovecharse de este error para escalar privilegios locales a root."}], "id": "CVE-2017-0358", "lastModified": "2024-11-21T03:02:49.720", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "HIGH", "cvssData": {"accessComplexity": "LOW", "accessVector": "LOCAL", "authentication": "NONE", "availabilityImpact": "COMPLETE", "baseScore": 7.2, "confidentialityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "vectorString": "AV:L/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0"}, "exploitabilityScore": 3.9, "impactScore": 10.0, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}], "cvssMetricV30": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 7.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.0"}, "exploitabilityScore": 1.8, "impactScore": 5.9, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2018-04-13T15:29:00.397", "references": [{"source": "security@debian.org", "tags": ["Mailing List", "Third Party Advisory"], "url": "http://www.openwall.com/lists/oss-security/2017/02/04/1"}, {"source": "security@debian.org", "tags": ["Third Party Advisory", "VDB Entry"], "url": "http://www.securityfocus.com/bid/95987"}, {"source": "security@debian.org", "tags": ["Exploit", "Mailing List", "Third Party Advisory"], "url": "https://marc.info/?l=oss-security&m=148594671929354&w=2"}, {"source": "security@debian.org", "tags": ["Third Party Advisory"], "url": "https://security.gentoo.org/glsa/201702-10"}, {"source": "security@debian.org", "url": "https://www.debian.org/security/2017/dsa-3780"}, {"source": "security@debian.org", "tags": ["Exploit", "Third Party Advisory", "VDB Entry"], "url": "https://www.exploit-db.com/exploits/41240/"}, {"source": "security@debian.org", "tags": ["Exploit", "Third Party Advisory", "VDB Entry"], "url": "https://www.exploit-db.com/exploits/41356/"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Mailing List", "Third Party Advisory"], "url": "http://www.openwall.com/lists/oss-security/2017/02/04/1"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Third Party Advisory", "VDB Entry"], "url": "http://www.securityfocus.com/bid/95987"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Exploit", "Mailing List", "Third Party Advisory"], "url": "https://marc.info/?l=oss-security&m=148594671929354&w=2"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Third Party Advisory"], "url": "https://security.gentoo.org/glsa/201702-10"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://www.debian.org/security/2017/dsa-3780"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Exploit", "Third Party Advisory", "VDB Entry"], "url": "https://www.exploit-db.com/exploits/41240/"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Exploit", "Third Party Advisory", "VDB Entry"], "url": "https://www.exploit-db.com/exploits/41356/"}], "sourceIdentifier": "security@debian.org", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-269"}], "source": "nvd@nist.gov", "type": "Primary"}]}