Sakin aikin NTFS-3G 2022.5.17, wanda ke haɓaka direba da saiti na kayan aiki don aiki tare da tsarin fayil na NTFS a cikin sararin mai amfani, ya kawar da raunin 8 wanda ke ba ku damar haɓaka gata a cikin tsarin. Matsalolin suna haifar da rashin ingantaccen bincike lokacin sarrafa zaɓuɓɓukan layin umarni da lokacin aiki tare da metadata akan sassan NTFS.
- CVE-2022-30783. Mai hari zai iya aiwatar da lambar sabani tare da tushen gata ta hanyar yin amfani da zaɓuɓɓukan layin umarni idan suna da damar yin amfani da fayil ɗin ntfs-2022g wanda aka kawo tare da Tushen Tushen suid. An nuna samfurin aiki na amfani don rashin lahani.
- CVE-2021-46790, CVE-2022-30784, CVE-2022-30786, CVE-2022-30788, CVE-2022-30789 - rashin lahani a cikin lambar tantance bayanan metadata a cikin sassan NTFS, wanda ke haifar da rashin cikawa mai dacewa. cak . Ana iya kai harin yayin sarrafa sashin NTFS-3G wanda maharin ya shirya. Misali, lokacin da mai amfani ya hau tuƙi wanda maharin ya shirya, ko lokacin da maharin ya sami damar shiga cikin gida mara gata ga tsarin. Idan an saita tsarin don hawa NTFS partitions ta atomatik akan abubuwan tafiyarwa na waje, duk abin da ake ɗauka don kai hari shine haɗa kebul na USB tare da ɓangarorin ƙira na musamman zuwa kwamfutar. Har yanzu ba a nuna fa'idar aiki don waɗannan raunin ba.
source: budenet.ru