Download
| Alert*
|
oval:org.secpod.oval:def:602108
The patch applied for ntfs-3g to fix CVE-2015-3202 in DSA 3268-1 was incomplete. This update corrects that problem. For reference the original advisory text follows. Tavis Ormandy discovered that NTFS-3G, a read-write NTFS driver for FUSE, does not scrub the environment before executing mount or umo ... oval:org.secpod.oval:def:109109 NTFS-3G is a stable, open source, GPL licensed, POSIX, read/write NTFS driver for Linux and many other operating systems. It provides safe handling of the Windows XP, Windows Server 2003, Windows 2000, Windows Vista, Windows Server 2008 and Windows 7 NTFS file systems. NTFS-3G can create, remove, re ... oval:org.secpod.oval:def:602113 Tavis Ormandy discovered that FUSE, a Filesystem in USErspace, does not scrub the environment before executing mount or umount with elevated privileges. A local user can take advantage of this flaw to overwrite arbitrary files and gain elevated privileges by accessing debugging features via the envi ... oval:org.secpod.oval:def:52486 fuse: Filesystem in Userspace FUSE could be made to overwrite files as the administrator. oval:org.secpod.oval:def:25179 The host is installed with fuse on Red Hat Enterprise Linux 7 and is prone to a privilege escalation vulnerability. A flaw is present in the application, which fails to properly filter environment variables. Successful exploitation could allow attackers to escalate privileges. oval:org.secpod.oval:def:109191 NTFS-3G is a stable, open source, GPL licensed, POSIX, read/write NTFS driver for Linux and many other operating systems. It provides safe handling of the Windows XP, Windows Server 2003, Windows 2000, Windows Vista, Windows Server 2008 and Windows 7 NTFS file systems. NTFS-3G can create, remove, re ... oval:org.secpod.oval:def:109160 With FUSE it is possible to implement a fully functional filesystem in a userspace program. This package contains the FUSE userspace tools to mount a FUSE filesystem. oval:org.secpod.oval:def:109152 NTFS-3G is a stable, open source, GPL licensed, POSIX, read/write NTFS driver for Linux and many other operating systems. It provides safe handling of the Windows XP, Windows Server 2003, Windows 2000, Windows Vista, Windows Server 2008 and Windows 7 NTFS file systems. NTFS-3G can create, remove, re ... oval:org.secpod.oval:def:602112 Tavis Ormandy discovered that NTFS-3G, a read-write NTFS driver for FUSE, does not scrub the environment before executing mount or umount with elevated privileges. A local user can take advantage of this flaw to overwrite arbitrary files and gain elevated privileges by accessing debugging features v ... oval:org.secpod.oval:def:109189 With FUSE it is possible to implement a fully functional filesystem in a userspace program. This package contains the FUSE userspace tools to mount a FUSE filesystem. oval:org.secpod.oval:def:109169 With FUSE it is possible to implement a fully functional filesystem in a userspace program. This package contains the FUSE userspace tools to mount a FUSE filesystem. oval:org.secpod.oval:def:1200035 It was discovered that fusermount failed to properly sanitize its environment before executing mount and umount commands. A local user could possibly use this flaw to escalate their privileges on the system. oval:org.secpod.oval:def:702582 ntfs-3g: read/write NTFS driver for FUSE Details: USN-2617-1 fixed a vulnerability in NTFS-3G. The original patch did not completely address the issue. This update fixes the problem. Original advisory NTFS-3G could be made to overwrite files as the administrator. oval:org.secpod.oval:def:702567 ntfs-3g: read/write NTFS driver for FUSE Details: USN-2617-1 fixed a vulnerability in FUSE. This update provides the corresponding fix for the embedded FUSE copy in NTFS-3G. Original advisory NTFS-3G could be made to overwrite files as the administrator. oval:org.secpod.oval:def:702569 fuse: Filesystem in Userspace FUSE could be made to overwrite files as the administrator. |
