Vulnerabilities in the NTFS-3G driver that allow root access to the system

The NTFS-3G 2022.5.17 release eliminates 8 vulnerabilities that allow privilege escalation on the system. The NTFS-3G project develops a driver and a set of utilities for working with the NTFS file system in user space. The problems are caused by a lack of proper checks when processing command-line options and when working with metadata on NTFS partitions.

  • CVE-2022-30783, CVE-2022-30785, CVE-2022-30787 - vulnerabilities in the NTFS-3G driver built with the bundled libfuse library (libfuse-lite) or with the system libfuse2 library. An attacker can execute arbitrary code with root privileges by manipulating command-line options if they have access to an ntfs-3g executable installed with the suid root flag. A working exploit prototype was demonstrated for these vulnerabilities.
  • CVE-2021-46790, CVE-2022-30784, CVE-2022-30786, CVE-2022-30788, CVE-2022-30789 - vulnerabilities in the code that parses metadata on NTFS partitions, which lead to overflows due to the lack of proper checks. The attack can be carried out when NTFS-3G processes a partition prepared by the attacker, for example when a user mounts a drive prepared by the attacker, or when the attacker has unprivileged local access to the system. If the system is configured to automatically mount NTFS partitions on external drives, all that is needed for an attack is to connect a USB flash drive with a specially crafted partition to the computer. Working exploits for these vulnerabilities have not yet been demonstrated.
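
A host check for the conditions described above (a release older than 2022.5.17, and an ntfs-3g binary that is suid root), as an added example that is not code from the NTFS-3G project or the original article. The function names are hypothetical and the layout of the `ntfs-3g --version` output is an assumption.

```shell
#!/bin/sh
# Added example: flag an ntfs-3g binary that matches the advisory's conditions.
FIXED_RELEASE="2022.5.17"   # release the advisory names as fixing the 8 CVEs

# version_lt A B: succeed if dotted version A is older than B.
version_lt() {
    awk -v a="$1" -v b="$2" 'BEGIN {
        n = split(a, x, "."); m = split(b, y, ".")
        for (i = 1; i <= (n > m ? n : m); i++) {
            if (x[i] + 0 < y[i] + 0) exit 0
            if (x[i] + 0 > y[i] + 0) exit 1
        }
        exit 1
    }'
}

# classify VERSION PERMS UID: PERMS is the mode column of `ls -ln`.
# Prints one of: unknown, patched, outdated, outdated-suid-root.
classify() {
    if [ -z "$1" ]; then echo unknown; return; fi
    if ! version_lt "$1" "$FIXED_RELEASE"; then echo patched; return; fi
    case "$2" in
        # 4th character s/S means the setuid bit is set on the file.
        ???[sS]*) if [ "$3" = 0 ]; then echo outdated-suid-root; return; fi ;;
    esac
    echo outdated
}

# audit PATH: collect version, mode and owner from a real binary.
# Assumption: --version prints a line "ntfs-3g <version> <fuse type> <n>".
audit() {
    ver=$("$1" --version 2>&1 | awk '$1 == "ntfs-3g" { print $2; exit }')
    set -- "$1" "$ver" $(ls -ln "$1" | awk '{ print $1, $3 }')
    echo "$1: version=$2 mode=$3 uid=$4 -> $(classify "$2" "$3" "$4")"
}

# Run against the installed driver when one is on PATH.
if bin=$(command -v ntfs-3g); then audit "$bin"; fi
```

Distribution packages may carry backported fixes under an older version string, so treat `outdated` as a prompt to check the vendor's advisory. The second group of CVEs does not depend on the suid bit, so automatic mounting of NTFS partitions on external drives needs to be reviewed separately.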

    source: opennet.ru
