Kutulutsidwa kwa pulojekiti ya NTFS-3G 2022.5.17, yomwe imapanga dalaivala ndi zida zogwirira ntchito ndi fayilo ya NTFS mu malo ogwiritsira ntchito, inachotsa zofooka za 8 zomwe zimakulolani kukweza mwayi wanu mu dongosolo. Mavutowa amayamba chifukwa chosowa macheke oyenerera pokonza zosankha za mzere wamalamulo komanso mukamagwira ntchito ndi metadata pamagawo a NTFS.
- CVE-2022-30783, CVE-2022-30785, CVE-2022-30787 ndizowopsa mu dalaivala wa NTFS-3G wopangidwa ndi laibulale ya libfuse yomangidwa (libfuse-lite) kapena laibulale ya libfuse2 system. Wowukira atha kuyika ma code osagwirizana ndi mwayi wokhala ndi mizu mwakusintha zosankha za mzere wamalamulo ngati ali ndi mwayi wopeza fayilo ya ntfs-3g yoperekedwa ndi mbendera ya suid. Chiwonetsero chogwira ntchito chogwiritsidwa ntchito chinawonetsedwa pazovuta.
- CVE-2021-46790, CVE-2022-30784, CVE-2022-30786, CVE-2022-30788, CVE-2022-30789 - pachiwopsezo mu metadata parsing code m'magawo a NTFS, zomwe zimatsogolera pakusefukira koyenera macheke . Kuwukirako kumatha kuchitika pokonza gawo la NTFS-3G lokonzedwa ndi wowukira. Mwachitsanzo, wogwiritsa ntchito akakweza galimoto yokonzedwa ndi wowukirayo, kapena ngati wowukirayo ali ndi mwayi wogwiritsa ntchito makinawa. Ngati dongosololi lakonzedwa kuti liziyika zokha magawo a NTFS pama drive akunja, zomwe zimafunika kuti ziwukire ndikulumikiza USB Flash yokhala ndi gawo lopangidwa mwapadera pakompyuta. Zochita zogwirira ntchito pazofookazi sizinawonetsedwebe.
Source: opennet.ru