Jann Horn of Google Project Zero discovered that NTFS-3G, a read-write NTFS driver for FUSE, does not scrub the environment before executing modprobe with elevated privileges. A local user can take advantage of this flaw for local root privilege escalation.
Vulnerable Product | Search on Vulmon | Subscribe to Product |
---|---|---|
tuxera ntfs-3g |
||
debian debian linux 8.0 |