PT-2021-5757 · Ntfs-3G+7 · Ntfs-3G+7

Published

2021-08-20

·

Updated

2024-06-15

·

CVE-2021-35269

CVSS v3.1

7.8

High

VectorAV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Name of the Vulnerable Software and Affected Versions NTFS-3G versions prior to 2021.8.22
Description The issue is related to a heap buffer overflow that can occur when a specially crafted NTFS attribute from the MFT is setup in the function ntfs attr setup flag(), allowing for code execution and escalation of privileges. This is due to insecure privilege management in the ntfs attr setup flag function of the NTFS-3G file system driver for the FUSE module. Exploitation of this issue may allow an attacker to access confidential data, compromise its integrity, and cause a denial of service.
Recommendations For NTFS-3G versions prior to 2021.8.22, update to version 2021.8.22 or later to resolve the issue. As a temporary workaround, consider restricting access to the ntfs attr setup flag() function to minimize the risk of exploitation.

Fix

Memory Corruption

Improper Privilege Management

Found an issue in the description? Have something to add? Feel free to write us 👾
dbugs@ptsecurity.com

Weakness Enumeration

CWE-787CWE-269

Related Identifiers

ALSA-2022:1759
ALT-PU-2021-2673
ALT-PU-2021-2730
ALT-PU-2021-2767
ALT-PU-2022-2244
AZL-6755
BDU:2022-00202
CESA-2022_1759
CVE-2021-35269
DLA-2819-1
DSA-4971-1
MGASA-2022-0001
OESA-2021-1365
OPENSUSE-SU-2021:1244-1
OPENSUSE-SU-2021:2971-1
OPENSUSE-SU-2021_1244-1
OPENSUSE-SU-2021_2971-1
OPENSUSE-SU-2024:11101-1
RHSA-2021:3703
RHSA-2021:3704
RHSA-2022:1759
RHSA-2022_1759
RLSA-2022:1759
SUSE-SU-2021:2965-1
SUSE-SU-2021:2971-1
USN-5060-1
USN-5060-2

Affected Products

Alt Linux
Almalinux
Astra Linux
Centos
Ntfs-3G
Red Hat
Rocky Linux
Suse