Siideynta mashruuca NTFS-3G 2022.5.17, kaas oo soo saara darawal iyo qalabyo kala duwan oo loogu talagalay la shaqeynta nidaamka faylka NTFS ee booska isticmaalaha, waxay meesha ka saartay 8 dayacan oo kuu oggolaanaya inaad sare u qaaddo mudnaantaada nidaamka. Dhibaatooyinka waxaa sababa la'aanta hubinta saxda ah marka la shaqeynayo xulashooyinka khadka taliska iyo marka la shaqeynayo xogta badan ee qaybaha NTFS.
- CVE-2022-30783. Weeraryahanku wuxuu fulin karaa kood aan sabab lahayn oo leh mudnaanta xididka iyada oo la adeegsanayo khiyaarrada khadka taliska haddii ay marin u helaan faylka ntfs-2022g ee la fulin karo oo ay la socdaan calanka suid rootiga. Tusaale shaqaynaysa ka faa'iidaysiga ayaa loo muujiyay baylahda.
- CVE-2021-46790, CVE-2022-30784, CVE-2022-30786, CVE-2022-30788, CVE-2022-30789 - nuglaanta koodhka falanqaynta metadata ee qaybaha NTFS, taasoo horseedaysa qulqulka saxda ah jeegaga . Weerarka waxaa la qaadi karaa marka la farsameynayo qaybta NTFS-3G ee uu diyaariyay weeraryahan. Tusaale ahaan, marka adeegsaduhu uu fuulo darawal uu soo diyaariyay weeraryahan, ama marka uu weeraryahanku fursad la'aan u leeyahay gelitaanka maxalliga ah ee nidaamka. Haddii nidaamka loo habeeyey inuu si toos ah ugu dhejiyo qaybaha NTFS ee darawallada dibadda, waxa kaliya ee ay u baahan tahay in la weeraro waa in lagu xiro USB Flash oo leh qayb si gaar ah loo naqshadeeyey kombiyuutarka. Ka faa'iidaysiga ka shaqaynta dayacannadan weli lama soo bandhigin.
Source: opennet.ru