Debian update for ntfs-3g
| Risk | Low |
| Patch available | YES |
| Number of vulnerabilities | 8 |
| CVE-ID | CVE-2021-46790 CVE-2022-30783 CVE-2022-30784 CVE-2022-30785 CVE-2022-30786 CVE-2022-30787 CVE-2022-30788 CVE-2022-30789 |
| CWE-ID | CWE-122 CWE-94 CWE-191 |
| Exploitation vector | Network |
| Public exploit | N/A |
| Vulnerable software Subscribe |
ntfs-3g (Debian package) Operating systems & Components / Operating system package or component |
| Vendor | Debian |
Security Bulletin
This security bulletin contains information about 8 vulnerabilities.
1) Heap-based buffer overflow
EUVDB-ID: #VU64092
Risk: Low
CVSSv3.1: 6.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2021-46790
CWE-ID:
CWE-122 - Heap-based Buffer Overflow
Exploit availability: No
DescriptionThe vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a boundary error in the ntfsck in NTFS-3G when processing specially crafted NTFS filesystem. A local user can mount a malicious NTFS filesystem, trigger a heap-based buffer overflow and execute arbitrary code with elevated privileges.
MitigationUpdate ntfs-3g package to one of the following versions: 1:2017.3.23AR.3-3+deb10u2, 1:2017.3.23AR.3-4+deb11u2.
Vulnerable software versionsntfs-3g (Debian package): before 1:2017.3.23AR.3-4+deb11u2
External linkshttp://www.debian.org/security/2022/dsa-5160
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
2) Code Injection
EUVDB-ID: #VU63759
Risk: Low
CVSSv3.1: 6.5 [CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2022-30783
CWE-ID:
CWE-94 - Improper Control of Generation of Code ('Code Injection')
Exploit availability: No
DescriptionThe vulnerability allows a local user to execute arbitrary code on the target system.
The vulnerability exists due to a flaw when using libfuse-lite. A local administrator can send a specially crafted request and execute arbitrary code on the target system.
Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.
MitigationUpdate ntfs-3g package to one of the following versions: 1:2017.3.23AR.3-3+deb10u2, 1:2017.3.23AR.3-4+deb11u2.
Vulnerable software versionsntfs-3g (Debian package): before 1:2017.3.23AR.3-4+deb11u2
External linkshttp://www.debian.org/security/2022/dsa-5160
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
3) Heap-based buffer overflow
EUVDB-ID: #VU63796
Risk: Low
CVSSv3.1: 5.8 [CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2022-30784
CWE-ID:
CWE-122 - Heap-based Buffer Overflow
Exploit availability: No
DescriptionThe vulnerability allows a remote user to execute arbitrary code on the target system.
The vulnerability exists due to a boundary error in ntfs_get_attribute_value. A remote administrator can use a specially crafted NTFS image file, trigger a heap-based buffer overflow and execute arbitrary code on the target system.
Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.
MitigationUpdate ntfs-3g package to one of the following versions: 1:2017.3.23AR.3-3+deb10u2, 1:2017.3.23AR.3-4+deb11u2.
Vulnerable software versionsntfs-3g (Debian package): before 1:2017.3.23AR.3-4+deb11u2
External linkshttp://www.debian.org/security/2022/dsa-5160
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote authenticated privileged user via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
4) Code Injection
EUVDB-ID: #VU63760
Risk: Low
CVSSv3.1: 6.5 [CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2022-30785
CWE-ID:
CWE-94 - Improper Control of Generation of Code ('Code Injection')
Exploit availability: No
DescriptionThe vulnerability allows a local user to execute arbitrary code on the target system.
The vulnerability exists due to an arbitrary memory read and write operations issue when using libfuse-lite. A local administrator can send a specially crafted request and execute arbitrary code on the target system.
Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.
MitigationUpdate ntfs-3g package to one of the following versions: 1:2017.3.23AR.3-3+deb10u2, 1:2017.3.23AR.3-4+deb11u2.
Vulnerable software versionsntfs-3g (Debian package): before 1:2017.3.23AR.3-4+deb11u2
External linkshttp://www.debian.org/security/2022/dsa-5160
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
5) Heap-based buffer overflow
EUVDB-ID: #VU63793
Risk: Low
CVSSv3.1: 5.8 [CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2022-30786
CWE-ID:
CWE-122 - Heap-based Buffer Overflow
Exploit availability: No
DescriptionThe vulnerability allows a remote user to execute arbitrary code on the target system.
The vulnerability exists due to a boundary error in ntfs_names_full_collate. A remote administrator can use a specially crafted NTFS image file, trigger a heap-based buffer overflow and execute arbitrary code on the target system.
Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.
MitigationUpdate ntfs-3g package to one of the following versions: 1:2017.3.23AR.3-3+deb10u2, 1:2017.3.23AR.3-4+deb11u2.
Vulnerable software versionsntfs-3g (Debian package): before 1:2017.3.23AR.3-4+deb11u2
External linkshttp://www.debian.org/security/2022/dsa-5160
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote authenticated privileged user via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
6) Integer underflow
EUVDB-ID: #VU63761
Risk: Low
CVSSv3.1: 6.5 [CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2022-30787
CWE-ID:
CWE-191 - Integer underflow
Exploit availability: No
DescriptionThe vulnerability allows a local user to execute arbitrary code on the target system.
The vulnerability exists due to integer underflow in fuse_lib_readdir when using libfuse-lite. A local administrator can send a specially crafted request to the affected application, trigger integer underflow and execute arbitrary code on the target system.
Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.
MitigationUpdate ntfs-3g package to one of the following versions: 1:2017.3.23AR.3-3+deb10u2, 1:2017.3.23AR.3-4+deb11u2.
Vulnerable software versionsntfs-3g (Debian package): before 1:2017.3.23AR.3-4+deb11u2
External linkshttp://www.debian.org/security/2022/dsa-5160
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
7) Heap-based buffer overflow
EUVDB-ID: #VU63790
Risk: Low
CVSSv3.1: 5.8 [CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2022-30788
CWE-ID:
CWE-122 - Heap-based Buffer Overflow
Exploit availability: No
DescriptionThe vulnerability allows a remote user to execute arbitrary code on the target system.
The vulnerability exists due to a boundary error in ntfs_mft_rec_alloc. A remote administrator can use a specially crafted NTFS image file, trigger a heap-based buffer overflow and execute arbitrary code on the target system.
Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.
MitigationUpdate ntfs-3g package to one of the following versions: 1:2017.3.23AR.3-3+deb10u2, 1:2017.3.23AR.3-4+deb11u2.
Vulnerable software versionsntfs-3g (Debian package): before 1:2017.3.23AR.3-4+deb11u2
External linkshttp://www.debian.org/security/2022/dsa-5160
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote authenticated privileged user via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
8) Heap-based buffer overflow
EUVDB-ID: #VU64094
Risk: Low
CVSSv3.1: 6.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2022-30789
CWE-ID:
CWE-122 - Heap-based Buffer Overflow
Exploit availability: No
DescriptionThe vulnerability allows a local attacker to execute arbitrary code with escalated privileges.
The vulnerability exists due to a boundary error in the ntfs_check_log_client_array in NTFS-3G. A local attacker can mount a specially crafted NTFS image, trigger a heap-based buffer overflow and execute arbitrary code with escalated privileges.
MitigationUpdate ntfs-3g package to one of the following versions: 1:2017.3.23AR.3-3+deb10u2, 1:2017.3.23AR.3-4+deb11u2.
Vulnerable software versionsntfs-3g (Debian package): before 1:2017.3.23AR.3-4+deb11u2
External linkshttp://www.debian.org/security/2022/dsa-5160
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
