oss-sec mailing list archives

Re: CVE-2017-0358 ntfs-3g: modprobe influence vulnerability via environment variables

From: Agostino Sarubbo <ago () gentoo org>
Date: Wed, 01 Feb 2017 14:07:31 +0100

On Wednesday 01 February 2017 07:44:15 Laszlo 
Boszormenyi wrote:

This is the case for Debian,Ubuntu and probably Gentoo.


To clarify:
on Gentoo the package is installed as setuid only when 
there is USE="suid" which is not active by default.
I reported the issue into our bugzilla as well.
Thanks for the report.

-- 
Agostino Sarubbo
Gentoo Linux Developer

Current thread:

CVE-2017-0358 ntfs-3g: modprobe influence vulnerability via environment variables Laszlo Boszormenyi (GCS) (Feb 01)
- Re: CVE-2017-0358 ntfs-3g: modprobe influence vulnerability via environment variables Agostino Sarubbo (Feb 01)
- Re: CVE-2017-0358 ntfs-3g: modprobe influence vulnerability via environment variables Kristian Erik Hermansen (Feb 03)