CVE-2017-0358
ntfs-3g: Modprobe influence vulnerability via environment variables
Severity Score
7.8
*CVSS v3
Exploit Likelihood
*EPSS
Affected Versions
*CPE
Public Exploits
6
*Multiple Sources
Exploited in Wild
-
*KEV
Decision
-
*SSVC
Descriptions
Jann Horn of Google Project Zero discovered that NTFS-3G, a read-write NTFS driver for FUSE, does not scrub the environment before executing modprobe with elevated privileges. A local user can take advantage of this flaw for local root privilege escalation.
Jann Horn, de Google Project Zero, descubrió que NTFS-3G, un controlador NTFS de lectura-escritura para FUSE, no limpia en profundidad el entorno antes de ejecutar modprobe con privilegios elevados. Un usuario local puede aprovecharse de este error para escalar privilegios locales a root.
Jann Horn discovered that NTFS-3G incorrectly filtered environment variables when using the modprobe utility. A local attacker could possibly use this issue to load arbitrary kernel modules.
*Credits:
Jann Horn of Google Project Zero
CVSS Scores
Attack Vector
Attack Complexity
Privileges Required
User Interaction
Scope
Confidentiality
Integrity
Availability
Attack Vector
Attack Complexity
Authentication
Confidentiality
Integrity
Availability
* Common Vulnerability Scoring System
SSVC
- Decision:-
Exploitation
Automatable
Tech. Impact
* Organization's Worst-case Scenario
Timeline
- 2016-11-29 CVE Reserved
- 2017-02-02 CVE Published
- 2017-02-13 First Exploit
- 2024-09-17 CVE Updated
- 2025-03-30 EPSS Updated
- ---------- Exploited in Wild
- ---------- KEV Due Date
CWE
- CWE-269: Improper Privilege Management
CAPEC
References (10)
| URL | Tag | Source |
|---|---|---|
| http://www.openwall.com/lists/oss-security/2017/02/04/1 | Mailing List |
|
| http://www.securityfocus.com/bid/95987 | Third Party Advisory |
| URL | Date | SRC |
|---|---|---|
| https://packetstorm.news/files/id/141882 | 2017-04-04 | |
| https://packetstorm.news/files/id/141056 | 2017-02-13 | |
| https://www.exploit-db.com/exploits/41356 | 2024-09-17 | |
| https://www.exploit-db.com/exploits/41240 | 2024-09-17 | |
| https://github.com/Wangsafz/cve-2017-0358.sh | 2022-04-12 | |
| https://marc.info/?l=oss-security&m=148594671929354&w=2 | 2024-09-17 |
| URL | Date | SRC |
|---|
| URL | Date | SRC |
|---|---|---|
| https://security.gentoo.org/glsa/201702-10 | 2019-10-03 | |
| https://www.debian.org/security/2017/dsa-3780 | 2019-10-03 |
Affected Vendors, Products, and Versions
| Vendor | Product | Version | Other | Status | ||||||
|---|---|---|---|---|---|---|---|---|---|---|
| Vendor | Product | Version | Other | Status | <-- --> | Vendor | Product | Version | Other | Status |
| Tuxera Search vendor "Tuxera" | Ntfs-3g Search vendor "Tuxera" for product "Ntfs-3g" | <= 2016.2.22 Search vendor "Tuxera" for product "Ntfs-3g" and version " <= 2016.2.22" | - |
Affected
| ||||||
| Debian Search vendor "Debian" | Debian Linux Search vendor "Debian" for product "Debian Linux" | 8.0 Search vendor "Debian" for product "Debian Linux" and version "8.0" | - |
Affected
| ||||||