ntfs-3g mount helper in Ubuntu 16.04, 16.10, Debian 7, 8, and possibly 9 does not properly sanitize the environment when executing modprobe. This can be abused to load a kernel module and execute a binary payload as the root user.
2ca15f26f7b775b7c9e764235153327a7035b9b299e27a2b52603944e606c8c3
Gentoo Linux Security Advisory 201702-10 - A vulnerability in NTFS-3G allows local users to gain root privileges. Versions less than 2016.2.22-r2 are affected.
ee4509abb8d07659fe187c08f1cf8070767d055822625eb1de9ade54c1d6e459
NTFS-3G has an issue where modprobe is executed with an unsanitized environment.
6f1e8b33b5d299f4e998b0aa0ffe475804ed17c6ba5a9fe46e1d9b0b621f0451
Ubuntu Security Notice 3182-1 - Jann Horn discovered that NTFS-3G incorrectly filtered environment variables when using the modprobe utility. A local attacker could possibly use this issue to load arbitrary kernel modules.
d7e87d437e6c386c7a2fd8dbb3bb71070101b552c0748efb494d4cea9373ca4b