Headline
Ubuntu Security Notice USN-5711-1
Ubuntu Security Notice 5711-1 - Yuchen Zeng and Eduardo Vela discovered that NTFS-3G incorrectly validated certain NTFS metadata. A local attacker could possibly use this issue to gain privileges.
==========================================================================
Ubuntu Security Notice USN-5711-1
November 02, 2022
ntfs-3g vulnerability
A security issue affects these releases of Ubuntu and its derivatives:
- Ubuntu 22.10
- Ubuntu 22.04 LTS
- Ubuntu 20.04 LTS
- Ubuntu 18.04 LTS
Summary:
NTFS-3G could be made to crash or run programs as an administrator
if it mounted a specially crafted disk.
Software Description:
- ntfs-3g: read/write NTFS driver for FUSE
Details:
Yuchen Zeng and Eduardo Vela discovered that NTFS-3G incorrectly validated
certain NTFS metadata. A local attacker could possibly use this issue to
gain privileges.
Update instructions:
The problem can be corrected by updating your system to the following
package versions:
Ubuntu 22.10:
ntfs-3g 1:2022.5.17-1ubuntu1.1
Ubuntu 22.04 LTS:
ntfs-3g 1:2021.8.22-3ubuntu1.2
Ubuntu 20.04 LTS:
ntfs-3g 1:2017.3.23AR.3-3ubuntu1.3
Ubuntu 18.04 LTS:
ntfs-3g 1:2017.3.23-2ubuntu0.18.04.5
In general, a standard system update will make all the necessary changes.
References:
https://ubuntu.com/security/notices/USN-5711-1
CVE-2022-40284
Package Information:
https://launchpad.net/ubuntu/+source/ntfs-3g/1:2022.5.17-1ubuntu1.1
https://launchpad.net/ubuntu/+source/ntfs-3g/1:2021.8.22-3ubuntu1.2
https://launchpad.net/ubuntu/+source/ntfs-3g/1:2017.3.23AR.3-3ubuntu1.3
https://launchpad.net/ubuntu/+source/ntfs-3g/1:2017.3.23-2ubuntu0.18.04.5
Related news
Red Hat Security Advisory 2023-5796-01 - Kernel-based Virtual Machine offers a full virtualization solution for Linux on numerous hardware platforms. The virt:rhel module contains packages which provide user-space components used to run virtual machines using KVM. The packages also provide APIs for managing and interacting with the virtualized systems. Issues addressed include buffer overflow, code execution, and denial of service vulnerabilities.
Red Hat Security Advisory 2023-5587-01 - Kernel-based Virtual Machine offers a full virtualization solution for Linux on numerous hardware platforms. The virt:rhel module contains packages which provide user-space components used to run virtual machines using KVM. The packages also provide APIs for managing and interacting with the virtualized systems. Issues addressed include buffer overflow, code execution, and denial of service vulnerabilities.
Red Hat Security Advisory 2023-5405-01 - The Advanced Virtualization module provides the user-space component for running virtual machines that use KVM in environments managed by Red Hat products. Issues addressed include buffer overflow and code execution vulnerabilities.
Red Hat Security Advisory 2023-5239-01 - Kernel-based Virtual Machine offers a full virtualization solution for Linux on numerous hardware platforms. The virt:rhel module contains packages which provide user-space components used to run virtual machines using KVM. The packages also provide APIs for managing and interacting with the virtualized systems. Issues addressed include buffer overflow, code execution, and denial of service vulnerabilities.
Red Hat Security Advisory 2023-5264-01 - Kernel-based Virtual Machine offers a full virtualization solution for Linux on numerous hardware platforms. The virt:rhel module contains packages which provide user-space components used to run virtual machines using KVM. The packages also provide APIs for managing and interacting with the virtualized systems. Issues addressed include buffer overflow, code execution, and denial of service vulnerabilities.
platform_callback_stub in misc subsystem within OpenHarmony-v3.0.5 and prior versions has an authentication bypass vulnerability which allows an "SA relay attack".Local attackers can bypass authentication and attack other SAs with high privilege.
A buffer overflow was discovered in NTFS-3G before 2022.10.3. Crafted metadata in an NTFS image can cause code execution. A local attacker can exploit this if the ntfs-3g binary is setuid root. A physically proximate attacker can exploit this if NTFS-3G software is configured to execute upon attachment of an external storage device.
Debian Linux Security Advisory 5270-1 - Yuchen Zeng and Eduardo Vela discovered a buffer overflow in NTFS-3G, a read-write NTFS driver for FUSE, due to incorrect validation of some of the NTFS metadata. A local user can take advantage of this flaw for local root privilege escalation.
Ubuntu Security Notice 5711-2 - USN-5711-1 fixed a vulnerability in NTFS-3G. This update provides the corresponding update for Ubuntu 14.04 ESM Ubuntu 16.04 ESM. Yuchen Zeng and Eduardo Vela discovered that NTFS-3G incorrectly validated certain NTFS metadata. A local attacker could possibly use this issue to gain privileges.