From fe23574da6b4bcb62a85678cbca1885882af3f83 Mon Sep 17 00:00:00 2001 From: Sam James Date: Mon, 27 Jul 2020 01:02:55 +0000 Subject: [ GLSA 202007-45 ] NTFS-3G: Remote code execution, possible privilege escalation Signed-off-by: Sam James --- glsa-202007-45.xml | 50 ++++++++++++++++++++++++++++++++++++++++++++++++++ 1 file changed, 50 insertions(+) create mode 100644 glsa-202007-45.xml (limited to 'glsa-202007-45.xml') diff --git a/glsa-202007-45.xml b/glsa-202007-45.xml new file mode 100644 index 00000000..0e64d8ef --- /dev/null +++ b/glsa-202007-45.xml @@ -0,0 +1,50 @@ + + + + NTFS-3G: Remote code execution, possible privilege escalation + A buffer overflow in NTFS-3g might allow local or remote + attacker(s) to execute arbitrary code, or escalate privileges. + + ntfs-3g + 2020-07-27 + 2020-07-27 + 717640 + remote + + + 2017.3.23-r3 + 2017.3.23-r3 + + + +

NTFS-3G is a stable, full-featured, read-write NTFS driver for various + operating systems. +

+ + +

An integer underflow issue exists in NTFS-3G which may cause a heap + buffer overflow with crafted input. +

+ + +

A remote attacker may be able to execute arbitrary code while a local + attacker may be able to escalate privileges. +

+ + +

There is no known workaround at this time.

+ + +

All NTFS-3G users should upgrade to the latest version:

+ + + # emerge --sync + # emerge --ask --oneshot --verbose ">=sys-fs/ntfs3g-2017.3.23-r3" + + + + CVE-2019-9755 + + sam_c + sam_c + -- cgit v1.2.3-65-gdbad