[SECURITY] [DSA 5270-1] ntfs-3g security update

2022-11-0408:48:55

lists.debian.org

ntfs-3g

buffer overflow

cve-2022-40284

security update

debian

fuse

local user

root privilege escalation

7.8 High

CVSS3

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

8.1 High

AI Score

Confidence

High

0.0004 Low

EPSS

Percentile

5.1%

JSON

Debian Security Advisory DSA-5270-1 [email protected]
https://www.debian.org/security/ Salvatore Bonaccorso
November 04, 2022 https://www.debian.org/security/faq

Package : ntfs-3g
CVE ID : CVE-2022-40284

Yuchen Zeng and Eduardo Vela discovered a buffer overflow in NTFS-3G, a
read-write NTFS driver for FUSE, due to incorrect validation of some of
the NTFS metadata. A local user can take advantage of this flaw for
local root privilege escalation.

For the stable distribution (bullseye), this problem has been fixed in
version 1:2017.3.23AR.3-4+deb11u3.

We recommend that you upgrade your ntfs-3g packages.

For the detailed security status of ntfs-3g please refer to its security
tracker page at:
https://security-tracker.debian.org/tracker/ntfs-3g

Further information about Debian Security Advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://www.debian.org/security/

Mailing list: [email protected]

OSVersionArchitecturePackageVersionFilename
Debian11mipselntfs-3g-dev< 1:2017.3.23AR.3-4+deb11u3ntfs-3g-dev_1:2017.3.23AR.3-4+deb11u3_mipsel.deb
Debian10armhflibntfs-3g883-dbgsym< 1:2017.3.23AR.3-3+deb10u3libntfs-3g883-dbgsym_1:2017.3.23AR.3-3+deb10u3_armhf.deb
Debian11armhfntfs-3g< 1:2017.3.23AR.3-4+deb11u3ntfs-3g_1:2017.3.23AR.3-4+deb11u3_armhf.deb
Debian10arm64ntfs-3g< 1:2017.3.23AR.3-3+deb10u3ntfs-3g_1:2017.3.23AR.3-3+deb10u3_arm64.deb
Debian11armelntfs-3g< 1:2017.3.23AR.3-4+deb11u3ntfs-3g_1:2017.3.23AR.3-4+deb11u3_armel.deb
Debian10armhfntfs-3g-udeb< 1:2017.3.23AR.3-3+deb10u3ntfs-3g-udeb_1:2017.3.23AR.3-3+deb10u3_armhf.deb
Debian11amd64libntfs-3g883-dbgsym< 1:2017.3.23AR.3-4+deb11u3libntfs-3g883-dbgsym_1:2017.3.23AR.3-4+deb11u3_amd64.deb
Debian11s390xlibntfs-3g883< 1:2017.3.23AR.3-4+deb11u3libntfs-3g883_1:2017.3.23AR.3-4+deb11u3_s390x.deb
Debian11mips64elntfs-3g-dbgsym< 1:2017.3.23AR.3-4+deb11u3ntfs-3g-dbgsym_1:2017.3.23AR.3-4+deb11u3_mips64el.deb
Debian10armhfntfs-3g-dbgsym< 1:2017.3.23AR.3-3+deb10u3ntfs-3g-dbgsym_1:2017.3.23AR.3-3+deb10u3_armhf.deb

OS	Version	Architecture	Package	Version	Filename
Debian	11	mipsel	ntfs-3g-dev	< 1:2017.3.23AR.3-4+deb11u3	ntfs-3g-dev_1:2017.3.23AR.3-4+deb11u3_mipsel.deb
Debian	10	armhf	libntfs-3g883-dbgsym	< 1:2017.3.23AR.3-3+deb10u3	libntfs-3g883-dbgsym_1:2017.3.23AR.3-3+deb10u3_armhf.deb
Debian	11	armhf	ntfs-3g	< 1:2017.3.23AR.3-4+deb11u3	ntfs-3g_1:2017.3.23AR.3-4+deb11u3_armhf.deb
Debian	10	arm64	ntfs-3g	< 1:2017.3.23AR.3-3+deb10u3	ntfs-3g_1:2017.3.23AR.3-3+deb10u3_arm64.deb
Debian	11	armel	ntfs-3g	< 1:2017.3.23AR.3-4+deb11u3	ntfs-3g_1:2017.3.23AR.3-4+deb11u3_armel.deb
Debian	10	armhf	ntfs-3g-udeb	< 1:2017.3.23AR.3-3+deb10u3	ntfs-3g-udeb_1:2017.3.23AR.3-3+deb10u3_armhf.deb
Debian	11	amd64	libntfs-3g883-dbgsym	< 1:2017.3.23AR.3-4+deb11u3	libntfs-3g883-dbgsym_1:2017.3.23AR.3-4+deb11u3_amd64.deb
Debian	11	s390x	libntfs-3g883	< 1:2017.3.23AR.3-4+deb11u3	libntfs-3g883_1:2017.3.23AR.3-4+deb11u3_s390x.deb
Debian	11	mips64el	ntfs-3g-dbgsym	< 1:2017.3.23AR.3-4+deb11u3	ntfs-3g-dbgsym_1:2017.3.23AR.3-4+deb11u3_mips64el.deb
Debian	10	armhf	ntfs-3g-dbgsym	< 1:2017.3.23AR.3-3+deb10u3	ntfs-3g-dbgsym_1:2017.3.23AR.3-3+deb10u3_armhf.deb