-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

===========================================================================
             AUSCERT External Security Bulletin Redistribution

                              ESB-2015.1374.2
                          ntfs-3g security update
                                27 May 2015

===========================================================================

        AusCERT Security Bulletin Summary
        ---------------------------------

Product:           ntfs-3g
Publisher:         Debian
Operating System:  Debian GNU/Linux 8
                   Debian GNU/Linux 7
Impact/Access:     Increased Privileges      -- Existing Account
                   Overwrite Arbitrary Files -- Existing Account
Resolution:        Patch/Upgrade
CVE Names:         CVE-2015-3202  

Reference:         ESB-2015.1365

Original Bulletin: 
   http://www.debian.org/security/2015/dsa-3268

Revision History:  May 27 2015: The patch applied for ntfs-3g to fix 
                                CVE-2015-3202 in DSA 3268-1 was incomplete
                   May 25 2015: Initial Release

- --------------------------BEGIN INCLUDED TEXT--------------------

- -----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

- - -------------------------------------------------------------------------
Debian Security Advisory DSA-3268-2                   security@debian.org
http://www.debian.org/security/                      Salvatore Bonaccorso
May 26, 2015                           http://www.debian.org/security/faq
- - -------------------------------------------------------------------------

Package        : ntfs-3g
CVE ID         : CVE-2015-3202
Debian Bug     : 786475

The patch applied for ntfs-3g to fix CVE-2015-3202 in DSA 3268-1 was
incomplete. This update corrects that problem. For reference the
original advisory text follows.

Tavis Ormandy discovered that NTFS-3G, a read-write NTFS driver for
FUSE, does not scrub the environment before executing mount or umount
with elevated privileges. A local user can take advantage of this flaw
to overwrite arbitrary files and gain elevated privileges by accessing
debugging features via the environment that would not normally be safe
for unprivileged users.

For the oldstable distribution (wheezy), this problem has been fixed in
version 1:2012.1.15AR.5-2.1+deb7u2. Note that this issue does not affect
the binary packages distributed in Debian in wheezy as ntfs-3g does not
use the embedded fuse-lite library.

For the stable distribution (jessie), this problem has been fixed in
version 1:2014.2.15AR.2-1+deb8u2.

For the unstable distribution (sid), this problem has been fixed in
version 1:2014.2.15AR.3-3.

We recommend that you upgrade your ntfs-3g packages.

Further information about Debian Security Advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://www.debian.org/security/

Mailing list: debian-security-announce@lists.debian.org
- -----BEGIN PGP SIGNATURE-----
Version: GnuPG v1

- -----END PGP SIGNATURE-----

- --------------------------END INCLUDED TEXT--------------------
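
Added example, not part of the Debian advisory or of the ntfs-3g or fuse-lite source: one way for a privileged helper to scrub its environment before executing another program such as mount or umount. The allowlist, the fixed PATH, the HELPER_DEBUG_FILE name and the use of /usr/bin/env as the child program are assumptions chosen for illustration.

```c
#include <string.h>
#include <unistd.h>

/* Fixed search path for the helper; never taken from the caller. */
#define SAFE_PATH "PATH=/usr/sbin:/usr/bin:/sbin:/bin"
/* Assumed allowlist: only these names may pass through. */
static const char *const ALLOWED[] = { "LANG", "LC_ALL", NULL };

/* 1 if entry is NAME=value, NAME is allowlisted and value contains no '/'. */
static int entry_allowed(const char *entry)
{
    const char *eq = strchr(entry, '=');
    if (eq == NULL || eq == entry)
        return 0;
    size_t len = (size_t)(eq - entry);
    for (size_t i = 0; ALLOWED[i] != NULL; i++)
        if (strlen(ALLOWED[i]) == len && strncmp(ALLOWED[i], entry, len) == 0)
            return strchr(eq + 1, '/') == NULL;
    return 0;
}

/* Fill out[] (capacity cap, NULL terminator included) with a minimal
 * environment. Returns the number of entries, or -1 if cap < 2. */
int scrub_env(char *const in[], char *out[], size_t cap)
{
    size_t n = 0;
    if (cap < 2)
        return -1;
    out[n++] = (char *)SAFE_PATH;
    for (size_t i = 0; in != NULL && in[i] != NULL && n + 1 < cap; i++)
        if (entry_allowed(in[i]))
            out[n++] = in[i];
    out[n] = NULL;
    return (int)n;
}

int main(void)
{
    /* Constructed caller environment; HELPER_DEBUG_FILE is a made-up name. */
    char *dirty[] = { "HELPER_DEBUG_FILE=/tmp/out", "LANG=C", "PATH=/tmp/x", NULL };
    char *argv[] = { "env", NULL };
    char *clean[8];
    if (scrub_env(dirty, clean, 8) < 0)
        return 1;
    /* execve() takes an explicit envp; execvp()/execl() pass environ as is. */
    execve("/usr/bin/env", argv, clean);
    return 1; /* reached only if execve failed */
}
```

Run stand-alone, the child prints only the fixed PATH and LANG=C; the debug variable and the caller's PATH never reach it.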

You have received this e-mail bulletin as a result of your organisation's
registration with AusCERT. The mailing list you are subscribed to is
maintained within your organisation, so if you do not wish to continue
receiving these bulletins you should contact your local IT manager. If
you do not know who that is, please send an email to auscert@auscert.org.au
and we will forward your request to the appropriate person.

NOTE: Third Party Rights
This security bulletin is provided as a service to AusCERT's members.  As
AusCERT did not write the document quoted above, AusCERT has had no control
over its content. The decision to follow or act on information or advice
contained in this security bulletin is the responsibility of each user or
organisation, and should be considered in accordance with your organisation's
site policies and procedures. AusCERT takes no responsibility for consequences
which may arise from following or acting on information or advice contained in
this security bulletin.

NOTE: This is only the original release of the security bulletin.  It may
not be updated when updates to the original are made.  If downloading at
a later date, it is recommended that the bulletin is retrieved directly
from the author's website to ensure that the information is still current.

Contact information for the authors of the original document is included
in the Security Bulletin above.  If you have any questions or need further
information, please contact them directly.

Previous advisories and external security bulletins can be retrieved from:

        http://www.auscert.org.au/render.html?cid=1980

===========================================================================
Australian Computer Emergency Response Team
The University of Queensland
Brisbane
Qld 4072

Internet Email: auscert@auscert.org.au
Facsimile:      (07) 3365 7031
Telephone:      (07) 3365 4417 (International: +61 7 3365 4417)
                AusCERT personnel answer during Queensland business hours
                which are GMT+10:00 (AEST).
                On call after hours for member emergencies only.
===========================================================================
-----BEGIN PGP SIGNATURE-----
Comment: http://www.auscert.org.au/render.html?it=1967
-----END PGP SIGNATURE-----