vuln-list-alt/oval/c9f2/ALT-PU-2022-3208/definitions.json
2024-12-12 21:07:30 +00:00


{
"Definition": [
{
"ID": "oval:org.altlinux.errata:def:20223208",
"Version": "oval:org.altlinux.errata:def:20223208",
"Class": "patch",
"Metadata": {
"Title": "ALT-PU-2022-3208: package `ntfs-3g` update to version 2021.8.22-alt2",
"AffectedList": [
{
"Family": "unix",
"Platforms": [
"ALT Linux branch c9f2"
],
"Products": [
"ALT SPWorkstation",
"ALT SPServer"
]
}
],
"References": [
{
"RefID": "ALT-PU-2022-3208",
"RefURL": "https://errata.altlinux.org/ALT-PU-2022-3208",
"Source": "ALTPU"
},
{
"RefID": "BDU:2022-03378",
"RefURL": "https://bdu.fstec.ru/vul/2022-03378",
"Source": "BDU"
},
{
"RefID": "BDU:2022-03700",
"RefURL": "https://bdu.fstec.ru/vul/2022-03700",
"Source": "BDU"
},
{
"RefID": "BDU:2022-03701",
"RefURL": "https://bdu.fstec.ru/vul/2022-03701",
"Source": "BDU"
},
{
"RefID": "BDU:2022-03707",
"RefURL": "https://bdu.fstec.ru/vul/2022-03707",
"Source": "BDU"
},
{
"RefID": "BDU:2022-03917",
"RefURL": "https://bdu.fstec.ru/vul/2022-03917",
"Source": "BDU"
},
{
"RefID": "BDU:2022-03919",
"RefURL": "https://bdu.fstec.ru/vul/2022-03919",
"Source": "BDU"
},
{
"RefID": "BDU:2022-03924",
"RefURL": "https://bdu.fstec.ru/vul/2022-03924",
"Source": "BDU"
},
{
"RefID": "BDU:2022-03951",
"RefURL": "https://bdu.fstec.ru/vul/2022-03951",
"Source": "BDU"
},
{
"RefID": "BDU:2022-06607",
"RefURL": "https://bdu.fstec.ru/vul/2022-06607",
"Source": "BDU"
},
{
"RefID": "CVE-2021-46790",
"RefURL": "https://nvd.nist.gov/vuln/detail/CVE-2021-46790",
"Source": "CVE"
},
{
"RefID": "CVE-2022-30783",
"RefURL": "https://nvd.nist.gov/vuln/detail/CVE-2022-30783",
"Source": "CVE"
},
{
"RefID": "CVE-2022-30784",
"RefURL": "https://nvd.nist.gov/vuln/detail/CVE-2022-30784",
"Source": "CVE"
},
{
"RefID": "CVE-2022-30785",
"RefURL": "https://nvd.nist.gov/vuln/detail/CVE-2022-30785",
"Source": "CVE"
},
{
"RefID": "CVE-2022-30786",
"RefURL": "https://nvd.nist.gov/vuln/detail/CVE-2022-30786",
"Source": "CVE"
},
{
"RefID": "CVE-2022-30787",
"RefURL": "https://nvd.nist.gov/vuln/detail/CVE-2022-30787",
"Source": "CVE"
},
{
"RefID": "CVE-2022-30788",
"RefURL": "https://nvd.nist.gov/vuln/detail/CVE-2022-30788",
"Source": "CVE"
},
{
"RefID": "CVE-2022-30789",
"RefURL": "https://nvd.nist.gov/vuln/detail/CVE-2022-30789",
"Source": "CVE"
},
{
"RefID": "CVE-2022-40284",
"RefURL": "https://nvd.nist.gov/vuln/detail/CVE-2022-40284",
"Source": "CVE"
}
],
"Description": "This update upgrades ntfs-3g to version 2021.8.22-alt2. \nSecurity Fix(es):\n\n * BDU:2022-03378: Уязвимость функции ntfs_get_attribute_value файловой системы NTFS для модуля FUSE NTFS-3G, позволяющая нарушителю выполнить произвольный код с повышенными привилегиями\n\n * BDU:2022-03700: Уязвимость функции ntfs_names_full_collate файловой системы NTFS для модуля FUSE NTFS-3G, позволяющая нарушителю выполнить произвольный код с повышенными привилегиями\n\n * BDU:2022-03701: Уязвимость функции ntfs_mft_rec_alloc файловой системы NTFS для модуля FUSE NTFS-3G, позволяющая нарушителю выполнить произвольный код с повышенными привилегиями\n\n * BDU:2022-03707: Уязвимость функции ntfs_check_log_client_array файловой системы NTFS для модуля FUSE NTFS-3G, позволяющая нарушителю выполнить произвольный код с повышенными привилегиями\n\n * BDU:2022-03917: Уязвимость функции check_file_record файловой системы NTFS для модуля FUSE NTFS-3G, позволяющая нарушителю выполнить произвольный код с повышенными привилегиями\n\n * BDU:2022-03919: Уязвимость функции fuse_kern_mount библиотеки libfuse-lite файловой системы NTFS для модуля FUSE NTFS-3G, позволяющая нарушителю выполнить произвольный код с повышенными привилегиями\n\n * BDU:2022-03924: Уязвимость функции fuse_lib_readdir библиотеки libfuse-lite файловой системы NTFS для модуля FUSE NTFS-3G, позволяющая нарушителю выполнить произвольный код с повышенными привилегиями\n\n * BDU:2022-03951: Уязвимость дескриптора файлов файловой системы NTFS для модуля FUSE NTFS-3G, позволяющая нарушителю выполнить произвольный код с повышенными привилегиями\n\n * BDU:2022-06607: Уязвимость утилиты ntfs-3g набора драйверов NTFS-3G реализации файловой системы NTFS, позволяющая нарушителю выполнить произвольный код\n\n * CVE-2021-46790: ntfsck in NTFS-3G through 2021.8.22 has a heap-based buffer overflow involving buffer+512*3-2. NOTE: the upstream position is that ntfsck is deprecated; however, it is shipped by some Linux distributions.\n\n * CVE-2022-30783: An invalid return code in fuse_kern_mount enables intercepting of libfuse-lite protocol traffic between NTFS-3G and the kernel in NTFS-3G through 2021.8.22 when using libfuse-lite.\n\n * CVE-2022-30784: A crafted NTFS image can cause heap exhaustion in ntfs_get_attribute_value in NTFS-3G through 2021.8.22.\n\n * CVE-2022-30785: A file handle created in fuse_lib_opendir, and later used in fuse_lib_readdir, enables arbitrary memory read and write operations in NTFS-3G through 2021.8.22 when using libfuse-lite.\n\n * CVE-2022-30786: A crafted NTFS image can cause a heap-based buffer overflow in ntfs_names_full_collate in NTFS-3G through 2021.8.22.\n\n * CVE-2022-30787: An integer underflow in fuse_lib_readdir enables arbitrary memory read operations in NTFS-3G through 2021.8.22 when using libfuse-lite.\n\n * CVE-2022-30788: A crafted NTFS image can cause a heap-based buffer overflow in ntfs_mft_rec_alloc in NTFS-3G through 2021.8.22.\n\n * CVE-2022-30789: A crafted NTFS image can cause a heap-based buffer overflow in ntfs_check_log_client_array in NTFS-3G through 2021.8.22.\n\n * CVE-2022-40284: A buffer overflow was discovered in NTFS-3G before 2022.10.3. Crafted metadata in an NTFS image can cause code execution. A local attacker can exploit this if the ntfs-3g binary is setuid root. A physically proximate attacker can exploit this if NTFS-3G software is configured to execute upon attachment of an external storage device.",
"Advisory": {
"From": "errata.altlinux.org",
"Severity": "Critical",
"Rights": "Copyright 2024 BaseALT Ltd.",
"Issued": {
"Date": "2022-11-24"
},
"Updated": {
"Date": "2022-11-24"
},
"BDUs": [
{
"ID": "BDU:2022-03378",
"CVSS": "AV:A/AC:L/Au:N/C:C/I:C/A:C",
"CVSS3": "AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"CWE": "CWE-120, CWE-122",
"Href": "https://bdu.fstec.ru/vul/2022-03378",
"Impact": "High",
"Public": "20220516"
},
{
"ID": "BDU:2022-03700",
"CVSS": "AV:L/AC:L/Au:N/C:C/I:C/A:C",
"CVSS3": "AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"CWE": "CWE-122",
"Href": "https://bdu.fstec.ru/vul/2022-03700",
"Impact": "High",
"Public": "20220516"
},
{
"ID": "BDU:2022-03701",
"CVSS": "AV:L/AC:L/Au:N/C:C/I:C/A:C",
"CVSS3": "AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"CWE": "CWE-122",
"Href": "https://bdu.fstec.ru/vul/2022-03701",
"Impact": "High",
"Public": "20220516"
},
{
"ID": "BDU:2022-03707",
"CVSS": "AV:L/AC:L/Au:N/C:C/I:C/A:C",
"CVSS3": "AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"CWE": "CWE-122",
"Href": "https://bdu.fstec.ru/vul/2022-03707",
"Impact": "High",
"Public": "20220526"
},
{
"ID": "BDU:2022-03917",
"CVSS": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
"CVSS3": "AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"CWE": "CWE-122, CWE-787",
"Href": "https://bdu.fstec.ru/vul/2022-03917",
"Impact": "Critical",
"Public": "20211105"
},
{
"ID": "BDU:2022-03919",
"CVSS": "AV:L/AC:L/Au:S/C:C/I:C/A:C",
"CVSS3": "AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
"CWE": "CWE-200, CWE-252, CWE-393",
"Href": "https://bdu.fstec.ru/vul/2022-03919",
"Impact": "Low",
"Public": "20220516"
},
{
"ID": "BDU:2022-03924",
"CVSS": "AV:L/AC:H/Au:N/C:C/I:C/A:C",
"CVSS3": "AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H",
"CWE": "CWE-125, CWE-191",
"Href": "https://bdu.fstec.ru/vul/2022-03924",
"Impact": "High",
"Public": "20220516"
},
{
"ID": "BDU:2022-03951",
"CVSS": "AV:L/AC:M/Au:N/C:C/I:C/A:C",
"CVSS3": "AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H",
"CWE": "CWE-94, CWE-125, CWE-787",
"Href": "https://bdu.fstec.ru/vul/2022-03951",
"Impact": "High",
"Public": "20220516"
},
{
"ID": "BDU:2022-06607",
"CVSS": "AV:L/AC:L/Au:S/C:C/I:C/A:C",
"CVSS3": "AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"CWE": "CWE-19",
"Href": "https://bdu.fstec.ru/vul/2022-06607",
"Impact": "High",
"Public": "20221026"
}
],
"CVEs": [
{
"ID": "CVE-2021-46790",
"CVSS": "AV:L/AC:L/Au:N/C:P/I:P/A:P",
"CVSS3": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"CWE": "CWE-787",
"Href": "https://nvd.nist.gov/vuln/detail/CVE-2021-46790",
"Impact": "High",
"Public": "20220502"
},
{
"ID": "CVE-2022-30783",
"CVSS": "AV:L/AC:L/Au:N/C:P/I:P/A:P",
"CVSS3": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
"CWE": "CWE-252",
"Href": "https://nvd.nist.gov/vuln/detail/CVE-2022-30783",
"Impact": "Low",
"Public": "20220526"
},
{
"ID": "CVE-2022-30784",
"CVSS": "AV:L/AC:L/Au:N/C:P/I:P/A:P",
"CVSS3": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"CWE": "CWE-120",
"Href": "https://nvd.nist.gov/vuln/detail/CVE-2022-30784",
"Impact": "High",
"Public": "20220526"
},
{
"ID": "CVE-2022-30785",
"CVSS": "AV:L/AC:L/Au:N/C:C/I:C/A:C",
"CVSS3": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
"CWE": "NVD-CWE-noinfo",
"Href": "https://nvd.nist.gov/vuln/detail/CVE-2022-30785",
"Impact": "Low",
"Public": "20220526"
},
{
"ID": "CVE-2022-30786",
"CVSS": "AV:L/AC:L/Au:N/C:P/I:P/A:P",
"CVSS3": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"CWE": "CWE-787",
"Href": "https://nvd.nist.gov/vuln/detail/CVE-2022-30786",
"Impact": "High",
"Public": "20220526"
},
{
"ID": "CVE-2022-30787",
"CVSS": "AV:L/AC:L/Au:N/C:P/I:P/A:P",
"CVSS3": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
"CWE": "CWE-191",
"Href": "https://nvd.nist.gov/vuln/detail/CVE-2022-30787",
"Impact": "Low",
"Public": "20220526"
},
{
"ID": "CVE-2022-30788",
"CVSS": "AV:L/AC:L/Au:N/C:P/I:P/A:P",
"CVSS3": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"CWE": "CWE-787",
"Href": "https://nvd.nist.gov/vuln/detail/CVE-2022-30788",
"Impact": "High",
"Public": "20220526"
},
{
"ID": "CVE-2022-30789",
"CVSS": "AV:L/AC:L/Au:N/C:P/I:P/A:P",
"CVSS3": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"CWE": "CWE-787",
"Href": "https://nvd.nist.gov/vuln/detail/CVE-2022-30789",
"Impact": "High",
"Public": "20220526"
},
{
"ID": "CVE-2022-40284",
"CVSS3": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"CWE": "CWE-120",
"Href": "https://nvd.nist.gov/vuln/detail/CVE-2022-40284",
"Impact": "High",
"Public": "20221106"
}
],
"AffectedCPEs": {
"CPEs": [
"cpe:/o:alt:spworkstation:8.4",
"cpe:/o:alt:spserver:8.4"
]
}
}
},
"Criteria": {
"Operator": "AND",
"Criterions": [
{
"TestRef": "oval:org.altlinux.errata:tst:4001",
"Comment": "ALT Linux must be installed"
}
],
"Criterias": [
{
"Operator": "OR",
"Criterions": [
{
"TestRef": "oval:org.altlinux.errata:tst:20223208001",
"Comment": "libntfs-3g is earlier than 2:2021.8.22-alt2"
},
{
"TestRef": "oval:org.altlinux.errata:tst:20223208002",
"Comment": "libntfs-3g-devel is earlier than 2:2021.8.22-alt2"
},
{
"TestRef": "oval:org.altlinux.errata:tst:20223208003",
"Comment": "ntfs-3g is earlier than 2:2021.8.22-alt2"
}
]
}
]
}
}
]
}