NetCube-Systems-Austria/kumquat-buildroot
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
b6ac8cfbfa
kumquat-buildroot/package/ntfs-3g/ntfs-3g.hash
Peter Korsgaard 6f971f354c ntfs-3g: add security fix for CVE-2017-0358 
Jann Horn, Project Zero (Google) discovered that ntfs-3g, a read-write
NTFS driver for FUSE does not not scrub the environment before
executing modprobe to load the fuse module. This influence the behavior
of modprobe (MODPROBE_OPTIONS environment variable, --config and
--dirname options) potentially allowing for local root privilege
escalation if ntfs-3g is installed setuid.

Notice that Buildroot does NOT install netfs-3g setuid root, but custom
permission tables might be used, causing it to vulnerable to the above.

ntfs-3g does not seem to have a publicly available version control system
and no new releases have been made, so instead grab the patch from Debian.

Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2017-02-14 11:18:38 +01:00

4 lines
223 B
Plaintext
Raw Blame History

# Locally calculated
sha256 d7b72c05e4b3493e6095be789a760c9f5f2b141812d5b885f3190c98802f1ea0 ntfs-3g_ntfsprogs-2016.2.22.tgz
sha256 43deadaeade489934b0b45e2ed8aa5f853ad0364fbde7ad144211b80132ea041 0003-CVE-2017-0358.patch
Reference in New Issue View Git Blame Copy Permalink