Kuburitswa kweiyo NTFS-3G 2022.5.17 purojekiti, iyo inovandudza mutyairi uye seti yezvishandiso zvekushanda neiyo NTFS faira system munzvimbo yemushandisi, yakabvisa 8 kushaya simba iyo inobvumidza iwe kusimudza ropafadzo dzako muhurongwa. Matambudziko anokonzerwa nekushaikwa kwemacheki akakodzera paunenge uchigadzira sarudzo dzemutsara wemirairo uye kana uchishanda nemetadata pane zvikamu zveNTFS.
- CVE-2022-30783, CVE-2022-30785, CVE-2022-30787 - kusasimba muNTFS-3G mutyairi akaunganidzwa neakavakirwa-mukati libfuse raibhurari (libfuse-lite) kana ne libfuse2 system raibhurari. Anorwisa anogona kuita zvekupokana kodhi ine midzi ropafadzo kuburikidza nekunyengedza mutsara wemirairo sarudzo kana vachikwanisa kuwana iyo ntfs-3g faira rinogoneka rinopihwa suid mudzi mureza. A kushanda prototype yekushandiswa kwakaratidzwa kune kusasimba.
- CVE-2021-46790, CVE-2022-30784, CVE-2022-30786, CVE-2022-30788, CVE-2022-30789 - kusasimba mune metadata parsing kodhi muNTFS zvikamu, zvichitungamira mukushaikwa kwekushaikwa. checks . Kurwiswa kwacho kunogona kuitwa kana uchigadzira chikamu cheNTFS-3G chakagadzirirwa neanorwisa. Semuyenzaniso, kana mushandisi akakwidza dhiraivha yakagadzirirwa neanorwisa, kana kana munhu anorwisa aine rombo renzvimbo yekuwana kuhurongwa. Kana iyo sisitimu yakagadziridzwa kuti igadzike otomatiki zvikamu zveNTFS pane ekunze madhiraivha, chinodiwa kurwisa kubatanidza USB Flash ine yakanyatso dhizainiwa chikamu kune komputa. Kushanda mabasa ekusagadzikana uku hakusati kwaratidzwa.
Source: opennet.ru