GLSA
Advocate
Joined: 12 May 2004
Posts: 2663
|
 Posted: Tue Jul 28, 2020 7:26 pm Post subject: [ glsa 202007-45 ] ntfs-3g |
 |
|
Gentoo Linux Security Advisory
Title: NTFS-3G: Remote code execution, possible privilege escalation (GLSA 202007-45)
Severity: high
Exploitable: remote
Date: 2020-07-27
Bug(s): #717640
ID: 202007-45
Synopsis
A buffer overflow in NTFS-3g might allow local or remote
attacker(s) to execute arbitrary code, or escalate privileges.
Background
NTFS-3G is a stable, full-featured, read-write NTFS driver for various
operating systems.
Affected Packages
Package: sys-fs/ntfs3g
Vulnerable: < 2017.3.23-r3
Unaffected: >= 2017.3.23-r3
Architectures: All supported architectures
Description
An integer underflow issue exists in NTFS-3G which may cause a heap
buffer overflow with crafted input.
Impact
A remote attacker may be able to execute arbitrary code while a local
attacker may be able to escalate privileges.
Workaround
There is no known workaround at this time.
Resolution
All NTFS-3G users should upgrade to the latest version: | Code: | # emerge --sync
# emerge --ask --oneshot --verbose ">=sys-fs/ntfs3g-2017.3.23-r3"
|
References
CVE-2019-9755 |
|
News & Announcements
