Jann Horn of Google Project Zero discovered that NTFS-3G, a read-write NTFS driver for FUSE, does not scrub the environment before executing modprobe with elevated privileges. A local user can take advantage of this flaw for local root privilege escalation.
{ "availability": "No subscription required", "ubuntu_priority": "medium", "binaries": [ { "ntfs-3g-dev-dbgsym": "1:2015.3.14AR.1-1ubuntu0.1", "ntfs-3g": "1:2015.3.14AR.1-1ubuntu0.1", "ntfs-3g-dbg": "1:2015.3.14AR.1-1ubuntu0.1", "ntfs-3g-dev": "1:2015.3.14AR.1-1ubuntu0.1", "ntfs-3g-dbgsym": "1:2015.3.14AR.1-1ubuntu0.1", "ntfs-3g-udeb-dbgsym": "1:2015.3.14AR.1-1ubuntu0.1", "ntfs-3g-udeb": "1:2015.3.14AR.1-1ubuntu0.1" } ] }