Login
Newsletter
Werbung

Sicherheit: Ausführen beliebiger Kommandos in NTFS-3G
Aktuelle Meldungen Distributionen
Name: Ausführen beliebiger Kommandos in NTFS-3G
ID: USN-3914-1
Distribution: Ubuntu
Plattformen: Ubuntu 16.04 LTS, Ubuntu 18.04 LTS, Ubuntu 18.10
Datum: Do, 21. März 2019, 18:40
Referenzen: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-9755
Applikationen: NTFS-3G

Originalnachricht

This is an OpenPGP/MIME signed message (RFC 4880 and 3156)
--===============3143340917012402133==
Content-Type: multipart/signed; micalg=pgp-sha512;
protocol="application/pgp-signature";
boundary="kgTG19vX2qN5TLw1X2Zk77caogjchghxW"

This is an OpenPGP/MIME signed message (RFC 4880 and 3156)
--kgTG19vX2qN5TLw1X2Zk77caogjchghxW
Content-Type: multipart/mixed;
boundary="7gJIHmm1y3fkcc80cNzy4UQLUXbQq6wYJ";
protected-headers="v1"
From: Chris Coulson <chris.coulson@canonical.com>
Reply-To: Ubuntu Security <security@ubuntu.com>
To: ubuntu-security-announce@lists.ubuntu.com
Message-ID: <bf081a20-c6a0-bcd9-d090-c891db86e944@canonical.com>
Subject: [USN-3914-1] NTFS-3G vulnerability

--7gJIHmm1y3fkcc80cNzy4UQLUXbQq6wYJ
Content-Type: text/plain; charset=utf-8
Content-Transfer-Encoding: base64
Content-Language: en-US

==========================================================================
Ubuntu Security Notice USN-3914-1
March 21, 2019

ntfs-3g vulnerability
==========================================================================

A security issue affects these releases of Ubuntu and its derivatives:

- Ubuntu 18.10
- Ubuntu 18.04 LTS
- Ubuntu 16.04 LTS

Summary:

NTFS-3G could be made to crash or potentially run programs as an
administrator if executed with specially crafted arguments.

Software Description:
- ntfs-3g: read/write NTFS driver for FUSE

Details:

A heap buffer overflow was discovered in NTFS-3G when executing it with a
relative mount point path that is too long. A local attacker could
potentially exploit this to execute arbitrary code as the administrator.

Update instructions:

The problem can be corrected by updating your system to the following
package versions:

Ubuntu 18.10:
  ntfs-3g                         1:2017.3.23-2ubuntu0.18.10.1

Ubuntu 18.04 LTS:
  ntfs-3g                         1:2017.3.23-2ubuntu0.18.04.1

Ubuntu 16.04 LTS:
  ntfs-3g                         1:2015.3.14AR.1-1ubuntu0.2

In general, a standard system update will make all the necessary changes.

References:
  https://usn.ubuntu.com/usn/usn-3914-1
  CVE-2019-9755

Package Information:
  https://launchpad.net/ubuntu/+source/ntfs-3g/1:2017.3.23-2ubuntu0.18.10.1
  https://launchpad.net/ubuntu/+source/ntfs-3g/1:2017.3.23-2ubuntu0.18.04.1
  https://launchpad.net/ubuntu/+source/ntfs-3g/1:2015.3.14AR.1-1ubuntu0.2
Pro-Linux
Pro-Linux @Facebook
Neue Nachrichten
Werbung