cpe:/a:tuxera:ntfs-3g:2016.2.22 cpe:/o:debian:debian_linux:8.0 CVE-2017-0358 2018-04-13T11:29:00.397-04:00 2019-10-02T20:03:26.223-04:00 7.2 LOCAL LOW NONE COMPLETE COMPLETE COMPLETE http://nvd.nist.gov EXPLOIT-DB 41240 EXPLOIT-DB 41356 BID 95987 DEBIAN DSA-3780 GENTOO GLSA-201702-10 MLIST [oss-security] 20170201 CVE-2017-0358 ntfs-3g: modprobe influence vulnerability via environment variables MLIST [oss-security] 20170203 Re: CVE-2017-0358 ntfs-3g: modprobe influence vulnerability via environment variables Jann Horn of Google Project Zero discovered that NTFS-3G, a read-write NTFS driver for FUSE, does not scrub the environment before executing modprobe with elevated privileges. A local user can take advantage of this flaw for local root privilege escalation.