Explore top 10 tips to secure your open-source projects now. Read More

×
Alerts This Week
Warning Icon 1 635
Alerts This Week
Warning Icon 1 635

Ubuntu 16.04 ESM: USN-5711-2 Critical NTFS-3G Privilege Escalation

ubuntu
Calendar Grey November 3, 2022
Dist Ubuntu Esm H88
CVE-2022-XXXX patch release for Ubuntu dated November 03, 2022. Addressed critical flaws that could lead to elevated permissions exploitation.
NTFS-3G could be made to crash or run programs as an administrator if it mounted a specially crafted disk.

Summary

NTFS-3G could be made to crash or run programs as an administrator

if it mounted a specially crafted disk.

Software Description:

- ntfs-3g: read/write NTFS driver for FUSE

Details:

USN-5711-1 fixed a vulnerability in NTFS-3G. This update provides

the corresponding update for Ubuntu 14.04 ESM Ubuntu 16.04 ESM.

Original advisory details:

Yuchen Zeng and Eduardo Vela discovered that NTFS-3G incorrectly validated

certain NTFS metadata. A local attacker could possibly use this issue to

gain privileges.

Update Instructions

The problem can be corrected by updating your system to the following
package versions:

Ubuntu 16.04 ESM:
  ntfs-3g                         1:2015.3.14AR.1-1ubuntu0.3+esm4

Ubuntu 14.04 ESM:
  ntfs-3g                         1:2013.1.13AR.1-2ubuntu2+esm4

In general, a standard system update will make all the necessary changes.

References

https://ubuntu.com/security/notices/USN-5711-2

CVE-2022-40284

Severity
critical
Lowest
Low
Medium
High
Critical

November 03, 2022

Package Information

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.