A crafted NTFS image can cause an integer overflow in memmove, leading to a heap-based buffer overflow in the function ntfs_attr_record_resize, in NTFS-3G < 2021.8.22.

The remote Alibaba Cloud Linux 3 host has packages installed that are affected by multiple vulnerabilities as referenced in the ALINUX3-SA-2022:0168 advisory.

    Package updates are available for Alibaba Cloud Linux 3 that fix the following vulnerabilities:

    CVE-2021-4206:
    A flaw was found in the QXL display device emulation in QEMU. An integer overflow in the cursor_alloc()     function can lead to the allocation of a small cursor object followed by a subsequent heap-based buffer     overflow. This flaw allows a malicious privileged guest user to crash the QEMU process on the host or     potentially execute arbitrary code within the context of the QEMU process.

    CVE-2021-4207:
    A flaw was found in the QXL display device emulation in QEMU. A double fetch of guest controlled values     `cursor->header.width` and `cursor->header.height` can lead to the allocation of a small cursor object     followed by a subsequent heap-based buffer overflow. A malicious privileged guest user could use this flaw     to crash the QEMU process on the host or potentially execute arbitrary code within the context of the QEMU     process.

    CVE-2022-26353:
    A flaw was found in the virtio-net device of QEMU. This flaw was inadvertently introduced with the fix for     CVE-2021-3748, which forgot to unmap the cached virtqueue elements on error, leading to memory leakage and     other unexpected results. Affected QEMU version: 6.2.0.

    CVE-2021-20196:
    A NULL pointer dereference flaw was found in the floppy disk emulator of QEMU. This issue occurs while     processing read/write ioport commands if the selected floppy drive is not initialized with a block device.
    This flaw allows a privileged guest user to crash the QEMU process on the host, resulting in a denial of     service. The highest threat from this vulnerability is to system availability.

    CVE-2021-33285:
    In NTFS-3G versions < 2021.8.22, when a specially crafted NTFS attribute is supplied to the function     ntfs_get_attribute_value, a heap buffer overflow can occur allowing for memory disclosure or denial of     service. The vulnerability is caused by an out-of-bound buffer access which can be triggered by mounting a     crafted ntfs partition. The root cause is a missing consistency check after reading an MFT record : the     bytes_in_use field should be less than the bytes_allocated field. When it is not, the parsing of the     records proceeds into the wild.

    CVE-2021-33286:
    In NTFS-3G versions < 2021.8.22, when a specially crafted unicode string is supplied in an NTFS image a     heap buffer overflow can occur and allow for code execution.

    CVE-2021-33287:
    In NTFS-3G versions < 2021.8.22, when specially crafted NTFS attributes are read in the function     ntfs_attr_pread_i, a heap buffer overflow can occur and allow for writing to arbitrary memory or denial of     service of the application.

    CVE-2021-33289:
    In NTFS-3G versions < 2021.8.22, when a specially crafted MFT section is supplied in an NTFS image a heap     buffer overflow can occur and allow for code execution.

    CVE-2021-35266:
    In NTFS-3G versions < 2021.8.22, when a specially crafted NTFS inode pathname is supplied in an NTFS image     a heap buffer overflow can occur resulting in memory disclosure, denial of service and even code     execution.

    CVE-2021-35267:
    NTFS-3G versions < 2021.8.22, a stack buffer overflow can occur when correcting differences in the MFT and     MFTMirror allowing for code execution or escalation of privileges when setuid-root.

    CVE-2021-35268:
    In NTFS-3G versions < 2021.8.22, when a specially crafted NTFS inode is loaded in the function     ntfs_inode_real_open, a heap buffer overflow can occur allowing for code execution and escalation of     privileges.

    CVE-2021-35269:
    NTFS-3G versions < 2021.8.22, when a specially crafted NTFS attribute from the MFT is setup in the     function ntfs_attr_setup_flag, a heap buffer overflow can occur allowing for code execution and escalation     of privileges.

    CVE-2021-3622:
    A flaw was found in the hivex library. This flaw allows an attacker to input a specially crafted Windows     Registry (hive) file, which would cause hivex to recursively call the _get_children() function, leading to     a stack overflow. The highest threat from this vulnerability is to system availability.

    CVE-2021-3716:
    A flaw was found in nbdkit due to to improperly caching plaintext state across the STARTTLS encryption     boundary. A MitM attacker could use this flaw to inject a plaintext NBD_OPT_STRUCTURED_REPLY before     proxying everything else a client sends to the server, potentially leading the client to terminate the NBD     session. The highest threat from this vulnerability is to system availability.

    CVE-2021-3748:
    A use-after-free vulnerability was found in the virtio-net device of QEMU. It could occur when the     descriptor's address belongs to the non direct access region, due to num_buffers being set after the     virtqueue elem has been unmapped. A malicious guest could use this flaw to crash QEMU, resulting in a     denial of service condition, or potentially execute code on the host with the privileges of the QEMU     process.

    CVE-2021-39251:
    A crafted NTFS image can cause a NULL pointer dereference in ntfs_extent_inode_open in NTFS-3G <     2021.8.22.

    CVE-2021-39252:
    A crafted NTFS image can cause an out-of-bounds read in ntfs_ie_lookup in NTFS-3G < 2021.8.22.

    CVE-2021-39253:
    A crafted NTFS image can cause an out-of-bounds read in ntfs_runlists_merge_i in NTFS-3G < 2021.8.22.

    CVE-2021-39254:
    A crafted NTFS image can cause an integer overflow in memmove, leading to a heap-based buffer overflow in     the function ntfs_attr_record_resize, in NTFS-3G < 2021.8.22.

    CVE-2021-39255:
    A crafted NTFS image can trigger an out-of-bounds read, caused by an invalid attribute in     ntfs_attr_find_in_attrdef, in NTFS-3G < 2021.8.22.

    CVE-2021-39256:
    A crafted NTFS image can cause a heap-based buffer overflow in ntfs_inode_lookup_by_name in NTFS-3G <     2021.8.22.

    CVE-2021-39257:
    A crafted NTFS image with an unallocated bitmap can lead to a endless recursive function call chain     (starting from ntfs_attr_pwrite), causing stack consumption in NTFS-3G < 2021.8.22.

    CVE-2021-39258:
    A crafted NTFS image can cause out-of-bounds reads in ntfs_attr_find and ntfs_external_attr_find in     NTFS-3G < 2021.8.22.

    CVE-2021-39259:
    A crafted NTFS image can trigger an out-of-bounds access, caused by an unsanitized attribute length in     ntfs_inode_lookup_by_name, in NTFS-3G < 2021.8.22.

    CVE-2021-39260:
    A crafted NTFS image can cause an out-of-bounds access in ntfs_inode_sync_standard_information in NTFS-3G     < 2021.8.22.

    CVE-2021-39261:
    A crafted NTFS image can cause a heap-based buffer overflow in ntfs_compressed_pwrite in NTFS-3G <     2021.8.22.

    CVE-2021-39262:
    A crafted NTFS image can cause an out-of-bounds access in ntfs_decompress in NTFS-3G < 2021.8.22.

    CVE-2021-39263:
    A crafted NTFS image can trigger a heap-based buffer overflow, caused by an unsanitized attribute in     ntfs_get_attribute_value, in NTFS-3G < 2021.8.22.

    CVE-2021-3975:
    A use-after-free flaw was found in libvirt. The qemuMonitorUnregister() function in     qemuProcessHandleMonitorEOF is called using multiple threads without being adequately protected by a     monitor lock. This flaw could be triggered by the virConnectGetAllDomainStats API when the guest is     shutting down. An unprivileged client with a read-only connection could use this flaw to perform a denial     of service attack by causing the libvirt daemon to crash.

    CVE-2021-4145:
    A NULL pointer dereference issue was found in the block mirror layer of QEMU in versions prior to 6.2.0.
    The `self` pointer is dereferenced in mirror_wait_on_conflicts() without ensuring that it's not NULL. A     malicious unprivileged user within the guest could use this flaw to crash the QEMU process on the host     when writing data reaches the threshold of mirroring node.

    CVE-2021-4158:
    A NULL pointer dereference issue was found in the ACPI code of QEMU. A malicious, privileged user within     the guest could use this flaw to crash the QEMU process on the host, resulting in a denial of service     condition.

    CVE-2022-0485:
    A flaw was found in the copying tool `nbdcopy` of libnbd. When performing multi-threaded copies using     asynchronous nbd calls, nbdcopy was blindly treating the completion of an asynchronous command as     successful, rather than checking the *error parameter. This could result in the silent creation of a     corrupted destination image.

    CVE-2022-26354:
    A flaw was found in the vhost-vsock device of QEMU. In case of error, an invalid element was not detached     from the virtqueue before freeing its memory, leading to memory leakage and other unexpected results.
    Affected QEMU versions <= 6.2.0.

Tenable has extracted the preceding description block directly from the Alibaba Cloud Linux security advisory.

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available.

  - A crafted NTFS image can cause an integer overflow in memmove, leading to a heap-based buffer overflow in     the function ntfs_attr_record_resize, in NTFS-3G < 2021.8.22. (CVE-2021-39254)

Note that Nessus relies on the presence of the package as reported by the vendor.

The version of AHV installed on the remote host is prior to 20230302.102005. It is, therefore, affected by multiple vulnerabilities as referenced in the NXSA-AHV-20230302.101026 advisory.

  - A crafted NTFS image can trigger a heap-based buffer overflow, caused by an unsanitized attribute in     ntfs_get_attribute_value, in NTFS-3G < 2021.8.22. (CVE-2021-39263)

  - EDK2's Network Package is susceptible to a buffer overflow vulnerability when processing DNS Servers     option from a DHCPv6 Advertise message. This vulnerability can be exploited by an attacker to gain     unauthorized access and potentially lead to a loss of Confidentiality, Integrity and/or Availability.
    (CVE-2023-45234)

  - Certain DNSSEC aspects of the DNS protocol (in RFC 4033, 4034, 4035, 6840, and related RFCs) allow remote     attackers to cause a denial of service (CPU consumption) via one or more DNSSEC responses, aka the     KeyTrap issue. One of the concerns is that, when there is a zone with many DNSKEY and RRSIG records, the     protocol specification implies that an algorithm must evaluate all combinations of DNSKEY and RRSIG     records. (CVE-2023-50387)

  - The Closest Encloser Proof aspect of the DNS protocol (in RFC 5155 when RFC 9276 guidance is skipped)     allows remote attackers to cause a denial of service (CPU consumption for SHA-1 computations) via DNSSEC     responses in a random subdomain attack, aka the NSEC3 issue. The RFC 5155 specification implies that an     algorithm must perform thousands of iterations of a hash function in certain situations. (CVE-2023-50868)

  - close_altfile in filename.c in less before 606 omits shell_quote calls for LESSCLOSE. (CVE-2022-48624)

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

The version of AHV installed on the remote host is prior to 20230302.102005. It is, therefore, affected by multiple vulnerabilities as referenced in the NXSA-AHV-20230302.100173 advisory.

  - A crafted NTFS image can trigger a heap-based buffer overflow, caused by an unsanitized attribute in     ntfs_get_attribute_value, in NTFS-3G < 2021.8.22. (CVE-2021-39263)

  - EDK2's Network Package is susceptible to a buffer overflow vulnerability when processing DNS Servers     option from a DHCPv6 Advertise message. This vulnerability can be exploited by an attacker to gain     unauthorized access and potentially lead to a loss of Confidentiality, Integrity and/or Availability.
    (CVE-2023-45234)

  - A NULL pointer dereference was found In libssh during re-keying with algorithm guessing. This issue may     allow an authenticated client to cause a denial of service. (CVE-2023-1667)

  - A vulnerability was found in libssh, where the authentication check of the connecting client can be     bypassed in the`pki_verify_data_signature` function in memory allocation problems. This issue may happen     if there is insufficient memory or the memory usage is limited. The problem is caused by the return value     `rc,` which is initialized to SSH_ERROR and later rewritten to save the return value of the function call     `pki_key_check_hash_compatible.` The value of the variable is not changed between this point and the     cryptographic verification. Therefore any error between them calls `goto error` returning SSH_OK.
    (CVE-2023-2283)

  - A vulnerability was found that the response times to malformed ciphertexts in RSA-PSK ClientKeyExchange     differ from response times of ciphertexts with correct PKCS#1 v1.5 padding. (CVE-2023-5981)

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

The remote Rocky Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RLSA-2022:1759 advisory.

  - A NULL pointer dereference flaw was found in the floppy disk emulator of QEMU. This issue occurs while     processing read/write ioport commands if the selected floppy drive is not initialized with a block device.
    This flaw allows a privileged guest user to crash the QEMU process on the host, resulting in a denial of     service. The highest threat from this vulnerability is to system availability. (CVE-2021-20196)

  - In NTFS-3G versions < 2021.8.22, when a specially crafted NTFS attribute is supplied to the function     ntfs_get_attribute_value, a heap buffer overflow can occur allowing for memory disclosure or denial of     service. The vulnerability is caused by an out-of-bound buffer access which can be triggered by mounting a     crafted ntfs partition. The root cause is a missing consistency check after reading an MFT record : the     bytes_in_use field should be less than the bytes_allocated field. When it is not, the parsing of the     records proceeds into the wild. (CVE-2021-33285)

  - In NTFS-3G versions < 2021.8.22, when a specially crafted unicode string is supplied in an NTFS image a     heap buffer overflow can occur and allow for code execution. (CVE-2021-33286)

  - In NTFS-3G versions < 2021.8.22, when specially crafted NTFS attributes are read in the function     ntfs_attr_pread_i, a heap buffer overflow can occur and allow for writing to arbitrary memory or denial of     service of the application. (CVE-2021-33287)

  - In NTFS-3G versions < 2021.8.22, when a specially crafted MFT section is supplied in an NTFS image a heap     buffer overflow can occur and allow for code execution. (CVE-2021-33289)

  - In NTFS-3G versions < 2021.8.22, when a specially crafted NTFS inode pathname is supplied in an NTFS image     a heap buffer overflow can occur resulting in memory disclosure, denial of service and even code     execution. (CVE-2021-35266)

  - NTFS-3G versions < 2021.8.22, a stack buffer overflow can occur when correcting differences in the MFT and     MFTMirror allowing for code execution or escalation of privileges when setuid-root. (CVE-2021-35267)

  - In NTFS-3G versions < 2021.8.22, when a specially crafted NTFS inode is loaded in the function     ntfs_inode_real_open, a heap buffer overflow can occur allowing for code execution and escalation of     privileges. (CVE-2021-35268)

  - NTFS-3G versions < 2021.8.22, when a specially crafted NTFS attribute from the MFT is setup in the     function ntfs_attr_setup_flag, a heap buffer overflow can occur allowing for code execution and escalation     of privileges. (CVE-2021-35269)

  - A flaw was found in the hivex library. This flaw allows an attacker to input a specially crafted Windows     Registry (hive) file, which would cause hivex to recursively call the _get_children() function, leading to     a stack overflow. The highest threat from this vulnerability is to system availability. (CVE-2021-3622)

  - A flaw was found in nbdkit due to to improperly caching plaintext state across the STARTTLS encryption     boundary. A MitM attacker could use this flaw to inject a plaintext NBD_OPT_STRUCTURED_REPLY before     proxying everything else a client sends to the server, potentially leading the client to terminate the NBD     session. The highest threat from this vulnerability is to system availability. (CVE-2021-3716)

  - A use-after-free vulnerability was found in the virtio-net device of QEMU. It could occur when the     descriptor's address belongs to the non direct access region, due to num_buffers being set after the     virtqueue elem has been unmapped. A malicious guest could use this flaw to crash QEMU, resulting in a     denial of service condition, or potentially execute code on the host with the privileges of the QEMU     process. (CVE-2021-3748)

  - A crafted NTFS image can cause a NULL pointer dereference in ntfs_extent_inode_open in NTFS-3G <     2021.8.22. (CVE-2021-39251)

  - A crafted NTFS image can cause an out-of-bounds read in ntfs_ie_lookup in NTFS-3G < 2021.8.22.
    (CVE-2021-39252)

  - A crafted NTFS image can cause an out-of-bounds read in ntfs_runlists_merge_i in NTFS-3G < 2021.8.22.
    (CVE-2021-39253)

  - A crafted NTFS image can cause an integer overflow in memmove, leading to a heap-based buffer overflow in     the function ntfs_attr_record_resize, in NTFS-3G < 2021.8.22. (CVE-2021-39254)

  - A crafted NTFS image can trigger an out-of-bounds read, caused by an invalid attribute in     ntfs_attr_find_in_attrdef, in NTFS-3G < 2021.8.22. (CVE-2021-39255)

  - A crafted NTFS image can cause a heap-based buffer overflow in ntfs_inode_lookup_by_name in NTFS-3G <     2021.8.22. (CVE-2021-39256)

  - A crafted NTFS image with an unallocated bitmap can lead to a endless recursive function call chain     (starting from ntfs_attr_pwrite), causing stack consumption in NTFS-3G < 2021.8.22. (CVE-2021-39257)

  - A crafted NTFS image can cause out-of-bounds reads in ntfs_attr_find and ntfs_external_attr_find in     NTFS-3G < 2021.8.22. (CVE-2021-39258)

  - A crafted NTFS image can trigger an out-of-bounds access, caused by an unsanitized attribute length in     ntfs_inode_lookup_by_name, in NTFS-3G < 2021.8.22. (CVE-2021-39259)

  - A crafted NTFS image can cause an out-of-bounds access in ntfs_inode_sync_standard_information in NTFS-3G     < 2021.8.22. (CVE-2021-39260)

  - A crafted NTFS image can cause a heap-based buffer overflow in ntfs_compressed_pwrite in NTFS-3G <     2021.8.22. (CVE-2021-39261)

  - A crafted NTFS image can cause an out-of-bounds access in ntfs_decompress in NTFS-3G < 2021.8.22.
    (CVE-2021-39262)

  - A crafted NTFS image can trigger a heap-based buffer overflow, caused by an unsanitized attribute in     ntfs_get_attribute_value, in NTFS-3G < 2021.8.22. (CVE-2021-39263)

  - A use-after-free flaw was found in libvirt. The qemuMonitorUnregister() function in     qemuProcessHandleMonitorEOF is called using multiple threads without being adequately protected by a     monitor lock. This flaw could be triggered by the virConnectGetAllDomainStats API when the guest is     shutting down. An unprivileged client with a read-only connection could use this flaw to perform a denial     of service attack by causing the libvirt daemon to crash. (CVE-2021-3975)

  - A NULL pointer dereference issue was found in the block mirror layer of QEMU in versions prior to 6.2.0.
    The `self` pointer is dereferenced in mirror_wait_on_conflicts() without ensuring that it's not NULL. A     malicious unprivileged user within the guest could use this flaw to crash the QEMU process on the host     when writing data reaches the threshold of mirroring node. (CVE-2021-4145)

  - A NULL pointer dereference issue was found in the ACPI code of QEMU. A malicious, privileged user within     the guest could use this flaw to crash the QEMU process on the host, resulting in a denial of service     condition. (CVE-2021-4158)

  - A flaw was found in the copying tool `nbdcopy` of libnbd. When performing multi-threaded copies using     asynchronous nbd calls, nbdcopy was blindly treating the completion of an asynchronous command as     successful, rather than checking the *error parameter. This could result in the silent creation of a     corrupted destination image. (CVE-2022-0485)

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

The remote host is affected by the vulnerability described in GLSA-202301-01 (NTFS-3G: Multiple Vulnerabilities)

  - In NTFS-3G versions < 2021.8.22, when a specially crafted NTFS attribute is supplied to the function     ntfs_get_attribute_value, a heap buffer overflow can occur allowing for memory disclosure or denial of     service. The vulnerability is caused by an out-of-bound buffer access which can be triggered by mounting a     crafted ntfs partition. The root cause is a missing consistency check after reading an MFT record : the     bytes_in_use field should be less than the bytes_allocated field. When it is not, the parsing of the     records proceeds into the wild. (CVE-2021-33285)

  - In NTFS-3G versions < 2021.8.22, when a specially crafted unicode string is supplied in an NTFS image a     heap buffer overflow can occur and allow for code execution. (CVE-2021-33286)

  - In NTFS-3G versions < 2021.8.22, when specially crafted NTFS attributes are read in the function     ntfs_attr_pread_i, a heap buffer overflow can occur and allow for writing to arbitrary memory or denial of     service of the application. (CVE-2021-33287)

  - In NTFS-3G versions < 2021.8.22, when a specially crafted MFT section is supplied in an NTFS image a heap     buffer overflow can occur and allow for code execution. (CVE-2021-33289)

  - In NTFS-3G versions < 2021.8.22, when a specially crafted NTFS inode pathname is supplied in an NTFS image     a heap buffer overflow can occur resulting in memory disclosure, denial of service and even code     execution. (CVE-2021-35266)

  - NTFS-3G versions < 2021.8.22, a stack buffer overflow can occur when correcting differences in the MFT and     MFTMirror allowing for code execution or escalation of privileges when setuid-root. (CVE-2021-35267)

  - In NTFS-3G versions < 2021.8.22, when a specially crafted NTFS inode is loaded in the function     ntfs_inode_real_open, a heap buffer overflow can occur allowing for code execution and escalation of     privileges. (CVE-2021-35268)

  - NTFS-3G versions < 2021.8.22, when a specially crafted NTFS attribute from the MFT is setup in the     function ntfs_attr_setup_flag, a heap buffer overflow can occur allowing for code execution and escalation     of privileges. (CVE-2021-35269)

  - A crafted NTFS image can cause a NULL pointer dereference in ntfs_extent_inode_open in NTFS-3G <     2021.8.22. (CVE-2021-39251)

  - A crafted NTFS image can cause an out-of-bounds read in ntfs_ie_lookup in NTFS-3G < 2021.8.22.
    (CVE-2021-39252)

  - A crafted NTFS image can cause an out-of-bounds read in ntfs_runlists_merge_i in NTFS-3G < 2021.8.22.
    (CVE-2021-39253)

  - A crafted NTFS image can cause an integer overflow in memmove, leading to a heap-based buffer overflow in     the function ntfs_attr_record_resize, in NTFS-3G < 2021.8.22. (CVE-2021-39254)

  - A crafted NTFS image can trigger an out-of-bounds read, caused by an invalid attribute in     ntfs_attr_find_in_attrdef, in NTFS-3G < 2021.8.22. (CVE-2021-39255)

  - A crafted NTFS image can cause a heap-based buffer overflow in ntfs_inode_lookup_by_name in NTFS-3G <     2021.8.22. (CVE-2021-39256)

  - A crafted NTFS image with an unallocated bitmap can lead to a endless recursive function call chain     (starting from ntfs_attr_pwrite), causing stack consumption in NTFS-3G < 2021.8.22. (CVE-2021-39257)

  - A crafted NTFS image can cause out-of-bounds reads in ntfs_attr_find and ntfs_external_attr_find in     NTFS-3G < 2021.8.22. (CVE-2021-39258)

  - A crafted NTFS image can trigger an out-of-bounds access, caused by an unsanitized attribute length in     ntfs_inode_lookup_by_name, in NTFS-3G < 2021.8.22. (CVE-2021-39259)

  - A crafted NTFS image can cause an out-of-bounds access in ntfs_inode_sync_standard_information in NTFS-3G     < 2021.8.22. (CVE-2021-39260)

  - A crafted NTFS image can cause a heap-based buffer overflow in ntfs_compressed_pwrite in NTFS-3G <     2021.8.22. (CVE-2021-39261)

  - A crafted NTFS image can cause an out-of-bounds access in ntfs_decompress in NTFS-3G < 2021.8.22.
    (CVE-2021-39262)

  - A crafted NTFS image can trigger a heap-based buffer overflow, caused by an unsanitized attribute in     ntfs_get_attribute_value, in NTFS-3G < 2021.8.22. (CVE-2021-39263)

  - An invalid return code in fuse_kern_mount enables intercepting of libfuse-lite protocol traffic between     NTFS-3G and the kernel in NTFS-3G through 2021.8.22 when using libfuse-lite. (CVE-2022-30783)

  - A crafted NTFS image can cause heap exhaustion in ntfs_get_attribute_value in NTFS-3G through 2021.8.22.
    (CVE-2022-30784)

  - A file handle created in fuse_lib_opendir, and later used in fuse_lib_readdir, enables arbitrary memory     read and write operations in NTFS-3G through 2021.8.22 when using libfuse-lite. (CVE-2022-30785)

  - A crafted NTFS image can cause a heap-based buffer overflow in ntfs_names_full_collate in NTFS-3G through     2021.8.22. (CVE-2022-30786)

  - An integer underflow in fuse_lib_readdir enables arbitrary memory read operations in NTFS-3G through     2021.8.22 when using libfuse-lite. (CVE-2022-30787)

  - A crafted NTFS image can cause a heap-based buffer overflow in ntfs_mft_rec_alloc in NTFS-3G through     2021.8.22. (CVE-2022-30788)

  - A crafted NTFS image can cause a heap-based buffer overflow in ntfs_check_log_client_array in NTFS-3G     through 2021.8.22. (CVE-2022-30789)

  - A buffer overflow was discovered in NTFS-3G before 2022.10.3. Crafted metadata in an NTFS image can cause     code execution. A local attacker can exploit this if the ntfs-3g binary is setuid root. A physically     proximate attacker can exploit this if NTFS-3G software is configured to execute upon attachment of an     external storage device. (CVE-2022-40284)

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

The remote Oracle Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2022-1759 advisory.

    - Limit recursion in ri-records (CVE-2021-3622)       resolves: rhbz#1976194
    - Fixes: CVE-2021-33285, CVE-2021-33286, CVE-2021-33287, CVE-2021-33289,       CVE-2021-35266, CVE-2021-35267, CVE-2021-35268, CVE-2021-35269,       CVE-2021-39251, CVE-2021-39252, CVE-2021-39253, CVE-2021-39254       resolves: rhbz#2004490

    libnbd
    - Fix CVE-2022-0485: Fail nbdcopy if NBD read or write fails       resolves: rhbz#2045718
    - Resolves: bz#2046198       (CVE-2022-0358 virt:av/qemu-kvm: QEMU: virtiofsd: potential privilege escalation via CVE-2018-13405     [rhel-8.6])
    - Resolves: bz#2036580       (CVE-2021-4158 virt:rhel/qemu-kvm: QEMU: NULL pointer dereference in pci_write() in hw/acpi/pcihp.c     [rhel-8])

Tenable has extracted the preceding description block directly from the Oracle Linux security advisory.

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

The remote AlmaLinux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the ALSA-2022:1759 advisory.

    * QEMU: virtio-net: heap use-after-free in virtio_net_receive_rcu (CVE-2021-3748)

    * ntfs-3g: Out-of-bounds heap buffer access in ntfs_get_attribute_value() due to incorrect check of     bytes_in_use value in MFT records (CVE-2021-33285)

    * ntfs-3g: Heap buffer overflow triggered by a specially crafted Unicode string (CVE-2021-33286)

    * ntfs-3g: Heap buffer overflow in ntfs_attr_pread_i() triggered by specially crafted NTFS attributes     (CVE-2021-33287)

    * ntfs-3g: Heap buffer overflow triggered by a specially crafted MFT section (CVE-2021-33289)

    * ntfs-3g: Heap buffer overflow triggered by a specially crafted NTFS inode pathname (CVE-2021-35266)

    * ntfs-3g: Stack buffer overflow triggered when correcting differences between MFT and MFTMirror sections     (CVE-2021-35267)

    * ntfs-3g: Heap buffer overflow in ntfs_inode_real_open() triggered by a specially crafted NTFS inode     (CVE-2021-35268)

    * ntfs-3g: Heap buffer overflow in ntfs_attr_setup_flag() triggered by a specially crafted NTFS attribute     from MFT (CVE-2021-35269)

    * ntfs-3g: NULL pointer dereference in ntfs_extent_inode_open() (CVE-2021-39251)

    * ntfs-3g: Out-of-bounds read in ntfs_ie_lookup() (CVE-2021-39252)

    * ntfs-3g: Out-of-bounds read in ntfs_runlists_merge_i() (CVE-2021-39253)

    * ntfs-3g: Integer overflow in memmove() leading to heap buffer overflow in ntfs_attr_record_resize()     (CVE-2021-39254)

    * ntfs-3g: Out-of-bounds read ntfs_attr_find_in_attrdef() triggered by an invalid attribute     (CVE-2021-39255)

    * ntfs-3g: Heap buffer overflow in ntfs_inode_lookup_by_name() (CVE-2021-39256)

    * ntfs-3g: Endless recursion from ntfs_attr_pwrite() triggered by an unallocated bitmap (CVE-2021-39257)

    * ntfs-3g: Out-of-bounds reads in ntfs_attr_find() and ntfs_external_attr_find() (CVE-2021-39258)

    * ntfs-3g: Out-of-bounds access in ntfs_inode_lookup_by_name() caused by an unsanitized attribute length     (CVE-2021-39259)

    * ntfs-3g: Out-of-bounds access in ntfs_inode_sync_standard_information() (CVE-2021-39260)

    * ntfs-3g: Heap buffer overflow in ntfs_compressed_pwrite() (CVE-2021-39261)

    * ntfs-3g: Out-of-bounds access in ntfs_decompress() (CVE-2021-39262)

    * ntfs-3g: Heap buffer overflow in ntfs_get_attribute_value() caused by an unsanitized attribute     (CVE-2021-39263)

    * libnbd: nbdcopy: missing error handling may create corrupted destination image (CVE-2022-0485)

    * hivex: stack overflow due to recursive call of _get_children() (CVE-2021-3622)

    * nbdkit: NBD_OPT_STRUCTURED_REPLY injection on STARTTLS (CVE-2021-3716)

    * libvirt: segmentation fault during VM shutdown can lead to vdsm hang (CVE-2021-3975)

    * QEMU: NULL pointer dereference in mirror_wait_on_conflicts() in block/mirror.c (CVE-2021-4145)

    * QEMU: NULL pointer dereference in pci_write() in hw/acpi/pcihp.c (CVE-2021-4158)

    * QEMU: block: fdc: null pointer dereference may lead to guest crash (CVE-2021-20196)

Tenable has extracted the preceding description block directly from the AlmaLinux security advisory.

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

The remote Redhat Enterprise Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2022:1759 advisory.

    Kernel-based Virtual Machine (KVM) offers a full virtualization solution for Linux on numerous hardware     platforms. The virt:rhel module contains packages which provide user-space components used to run virtual     machines using KVM. The packages also provide APIs for managing and interacting with the virtualized     systems.

    The following packages have been upgraded to a later upstream version: qemu-kvm (6.2.0), libvirt (8.0.0),     libvirt-python (8.0.0), perl-Sys-Virt (8.0.0), seabios (1.15.0), libtpms (0.9.1). (BZ#1997410, BZ#2012802,     BZ#2012806, BZ#2012813, BZ#2018392, BZ#2027716, BZ#2029355)

    Security Fix(es):

    * QEMU: virtio-net: heap use-after-free in virtio_net_receive_rcu (CVE-2021-3748)

    * ntfs-3g: Out-of-bounds heap buffer access in ntfs_get_attribute_value() due to incorrect check of     bytes_in_use value in MFT records (CVE-2021-33285)

    * ntfs-3g: Heap buffer overflow triggered by a specially crafted Unicode string (CVE-2021-33286)

    * ntfs-3g: Heap buffer overflow in ntfs_attr_pread_i() triggered by specially crafted NTFS attributes     (CVE-2021-33287)

    * ntfs-3g: Heap buffer overflow triggered by a specially crafted MFT section (CVE-2021-33289)

    * ntfs-3g: Heap buffer overflow triggered by a specially crafted NTFS inode pathname (CVE-2021-35266)

    * ntfs-3g: Stack buffer overflow triggered when correcting differences between MFT and MFTMirror sections     (CVE-2021-35267)

    * ntfs-3g: Heap buffer overflow in ntfs_inode_real_open() triggered by a specially crafted NTFS inode     (CVE-2021-35268)

    * ntfs-3g: Heap buffer overflow in ntfs_attr_setup_flag() triggered by a specially crafted NTFS attribute     from MFT (CVE-2021-35269)

    * ntfs-3g: NULL pointer dereference in ntfs_extent_inode_open() (CVE-2021-39251)

    * ntfs-3g: Out-of-bounds read in ntfs_ie_lookup() (CVE-2021-39252)

    * ntfs-3g: Out-of-bounds read in ntfs_runlists_merge_i() (CVE-2021-39253)

    * ntfs-3g: Integer overflow in memmove() leading to heap buffer overflow in ntfs_attr_record_resize()     (CVE-2021-39254)

    * ntfs-3g: Out-of-bounds read ntfs_attr_find_in_attrdef() triggered by an invalid attribute     (CVE-2021-39255)

    * ntfs-3g: Heap buffer overflow in ntfs_inode_lookup_by_name() (CVE-2021-39256)

    * ntfs-3g: Endless recursion from ntfs_attr_pwrite() triggered by an unallocated bitmap (CVE-2021-39257)

    * ntfs-3g: Out-of-bounds reads in ntfs_attr_find() and ntfs_external_attr_find() (CVE-2021-39258)

    * ntfs-3g: Out-of-bounds access in ntfs_inode_lookup_by_name() caused by an unsanitized attribute length     (CVE-2021-39259)

    * ntfs-3g: Out-of-bounds access in ntfs_inode_sync_standard_information() (CVE-2021-39260)

    * ntfs-3g: Heap buffer overflow in ntfs_compressed_pwrite() (CVE-2021-39261)

    * ntfs-3g: Out-of-bounds access in ntfs_decompress() (CVE-2021-39262)

    * ntfs-3g: Heap buffer overflow in ntfs_get_attribute_value() caused by an unsanitized attribute     (CVE-2021-39263)

    * libnbd: nbdcopy: missing error handling may create corrupted destination image (CVE-2022-0485)

    * hivex: stack overflow due to recursive call of _get_children() (CVE-2021-3622)

    * nbdkit: NBD_OPT_STRUCTURED_REPLY injection on STARTTLS (CVE-2021-3716)

    * libvirt: segmentation fault during VM shutdown can lead to vdsm hang (CVE-2021-3975)

    * QEMU: NULL pointer dereference in mirror_wait_on_conflicts() in block/mirror.c (CVE-2021-4145)

    * QEMU: NULL pointer dereference in pci_write() in hw/acpi/pcihp.c (CVE-2021-4158)

    * QEMU: block: fdc: null pointer dereference may lead to guest crash (CVE-2021-20196)

    For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and     other related information, refer to the CVE page(s) listed in the References section.

    Additional Changes:

    For detailed information on changes in this release, see the Red Hat Enterprise Linux 8.6 Release Notes     linked from the References section.

Tenable has extracted the preceding description block directly from the Red Hat Enterprise Linux security advisory.

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

The remote CentOS Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the CESA-2022:1759 advisory.

  - QEMU: block: fdc: null pointer dereference may lead to guest crash (CVE-2021-20196)

  - ntfs-3g: Out-of-bounds heap buffer access in ntfs_get_attribute_value() due to incorrect check of     bytes_in_use value in MFT records (CVE-2021-33285)

  - ntfs-3g: Heap buffer overflow triggered by a specially crafted Unicode string (CVE-2021-33286)

  - ntfs-3g: Heap buffer overflow in ntfs_attr_pread_i() triggered by specially crafted NTFS attributes     (CVE-2021-33287)

  - ntfs-3g: Heap buffer overflow triggered by a specially crafted MFT section (CVE-2021-33289)

  - ntfs-3g: Heap buffer overflow triggered by a specially crafted NTFS inode pathname (CVE-2021-35266)

  - ntfs-3g: Stack buffer overflow triggered when correcting differences between MFT and MFTMirror sections     (CVE-2021-35267)

  - ntfs-3g: Heap buffer overflow in ntfs_inode_real_open() triggered by a specially crafted NTFS inode     (CVE-2021-35268)

  - ntfs-3g: Heap buffer overflow in ntfs_attr_setup_flag() triggered by a specially crafted NTFS attribute     from MFT (CVE-2021-35269)

  - hivex: stack overflow due to recursive call of _get_children() (CVE-2021-3622)

  - nbdkit: NBD_OPT_STRUCTURED_REPLY injection on STARTTLS (CVE-2021-3716)

  - QEMU: virtio-net: heap use-after-free in virtio_net_receive_rcu (CVE-2021-3748)

  - ntfs-3g: NULL pointer dereference in ntfs_extent_inode_open() (CVE-2021-39251)

  - ntfs-3g: Out-of-bounds read in ntfs_ie_lookup() (CVE-2021-39252)

  - ntfs-3g: Out-of-bounds read in ntfs_runlists_merge_i() (CVE-2021-39253)

  - ntfs-3g: Integer overflow in memmove() leading to heap buffer overflow in ntfs_attr_record_resize()     (CVE-2021-39254)

  - ntfs-3g: Out-of-bounds read ntfs_attr_find_in_attrdef() triggered by an invalid attribute (CVE-2021-39255)

  - ntfs-3g: Heap buffer overflow in ntfs_inode_lookup_by_name() (CVE-2021-39256)

  - ntfs-3g: Endless recursion from ntfs_attr_pwrite() triggered by an unallocated bitmap (CVE-2021-39257)

  - ntfs-3g: Out-of-bounds reads in ntfs_attr_find() and ntfs_external_attr_find() (CVE-2021-39258)

  - ntfs-3g: Out-of-bounds access in ntfs_inode_lookup_by_name() caused by an unsanitized attribute length     (CVE-2021-39259)

  - ntfs-3g: Out-of-bounds access in ntfs_inode_sync_standard_information() (CVE-2021-39260)

  - ntfs-3g: Heap buffer overflow in ntfs_compressed_pwrite() (CVE-2021-39261)

  - ntfs-3g: Out-of-bounds access in ntfs_decompress() (CVE-2021-39262)

  - ntfs-3g: Heap buffer overflow in ntfs_get_attribute_value() caused by an unsanitized attribute     (CVE-2021-39263)

  - libvirt: segmentation fault during VM shutdown can lead to vdsm hang (CVE-2021-3975)

  - QEMU: NULL pointer dereference in mirror_wait_on_conflicts() in block/mirror.c (CVE-2021-4145)

  - QEMU: NULL pointer dereference in pci_write() in hw/acpi/pcihp.c (CVE-2021-4158)

  - libnbd: nbdcopy: missing error handling may create corrupted destination image (CVE-2022-0485)

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

According to the versions of the ntfs-3g packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities :

  - In NTFS-3G versions < 2021.8.22, when a specially crafted NTFS attribute is supplied to the function     ntfs_get_attribute_value, a heap buffer overflow can occur allowing for memory disclosure or denial of     service. The vulnerability is caused by an out-of-bound buffer access which can be triggered by mounting a     crafted ntfs partition. The root cause is a missing consistency check after reading an MFT record : the     'bytes_in_use' field should be less than the 'bytes_allocated' field. When it is not, the parsing of the     records proceeds into the wild. (CVE-2021-33285)

  - In NTFS-3G versions < 2021.8.22, when specially crafted NTFS attributes are read in the function     ntfs_attr_pread_i, a heap buffer overflow can occur and allow for writing to arbitrary memory or denial of     service of the application. (CVE-2021-33287)

  - In NTFS-3G versions < 2021.8.22, when a specially crafted MFT section is supplied in an NTFS image a heap     buffer overflow can occur and allow for code execution. (CVE-2021-33289)

  - In NTFS-3G versions < 2021.8.22, when a specially crafted NTFS inode pathname is supplied in an NTFS image     a heap buffer overflow can occur resulting in memory disclosure, denial of service and even code     execution. (CVE-2021-35266)

  - NTFS-3G versions < 2021.8.22, a stack buffer overflow can occur when correcting differences in the MFT and     MFTMirror allowing for code execution or escalation of privileges when setuid-root. (CVE-2021-35267)

  - In NTFS-3G versions < 2021.8.22, when a specially crafted NTFS inode is loaded in the function     ntfs_inode_real_open, a heap buffer overflow can occur allowing for code execution and escalation of     privileges. (CVE-2021-35268)

  - NTFS-3G versions < 2021.8.22, when a specially crafted NTFS attribute from the MFT is setup in the     function ntfs_attr_setup_flag, a heap buffer overflow can occur allowing for code execution and escalation     of privileges. (CVE-2021-35269)

  - A crafted NTFS image can cause a NULL pointer dereference in ntfs_extent_inode_open in NTFS-3G <     2021.8.22. (CVE-2021-39251)

  - A crafted NTFS image can cause an out-of-bounds read in ntfs_ie_lookup in NTFS-3G < 2021.8.22.
    (CVE-2021-39252)

  - A crafted NTFS image can cause an out-of-bounds read in ntfs_runlists_merge_i in NTFS-3G < 2021.8.22.
    (CVE-2021-39253)

  - A crafted NTFS image can cause an integer overflow in memmove, leading to a heap-based buffer overflow in     the function ntfs_attr_record_resize, in NTFS-3G < 2021.8.22. (CVE-2021-39254)

Note that Tenable Network Security has extracted the preceding description block directly from the EulerOS security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.

The remote Debian 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the dla-2819 advisory.

  - In NTFS-3G versions < 2021.8.22, when a specially crafted NTFS attribute is supplied to the function     ntfs_get_attribute_value, a heap buffer overflow can occur allowing for memory disclosure or denial of     service. The vulnerability is caused by an out-of-bound buffer access which can be triggered by mounting a     crafted ntfs partition. The root cause is a missing consistency check after reading an MFT record : the     bytes_in_use field should be less than the bytes_allocated field. When it is not, the parsing of the     records proceeds into the wild. (CVE-2021-33285)

  - In NTFS-3G versions < 2021.8.22, when a specially crafted unicode string is supplied in an NTFS image a     heap buffer overflow can occur and allow for code execution. (CVE-2021-33286)

  - In NTFS-3G versions < 2021.8.22, when specially crafted NTFS attributes are read in the function     ntfs_attr_pread_i, a heap buffer overflow can occur and allow for writing to arbitrary memory or denial of     service of the application. (CVE-2021-33287)

  - In NTFS-3G versions < 2021.8.22, when a specially crafted MFT section is supplied in an NTFS image a heap     buffer overflow can occur and allow for code execution. (CVE-2021-33289)

  - In NTFS-3G versions < 2021.8.22, when a specially crafted NTFS inode pathname is supplied in an NTFS image     a heap buffer overflow can occur resulting in memory disclosure, denial of service and even code     execution. (CVE-2021-35266)

  - NTFS-3G versions < 2021.8.22, a stack buffer overflow can occur when correcting differences in the MFT and     MFTMirror allowing for code execution or escalation of privileges when setuid-root. (CVE-2021-35267)

  - In NTFS-3G versions < 2021.8.22, when a specially crafted NTFS inode is loaded in the function     ntfs_inode_real_open, a heap buffer overflow can occur allowing for code execution and escalation of     privileges. (CVE-2021-35268)

  - NTFS-3G versions < 2021.8.22, when a specially crafted NTFS attribute from the MFT is setup in the     function ntfs_attr_setup_flag, a heap buffer overflow can occur allowing for code execution and escalation     of privileges. (CVE-2021-35269)

  - A crafted NTFS image can cause a NULL pointer dereference in ntfs_extent_inode_open in NTFS-3G <     2021.8.22. (CVE-2021-39251)

  - A crafted NTFS image can cause an out-of-bounds read in ntfs_ie_lookup in NTFS-3G < 2021.8.22.
    (CVE-2021-39252)

  - A crafted NTFS image can cause an out-of-bounds read in ntfs_runlists_merge_i in NTFS-3G < 2021.8.22.
    (CVE-2021-39253)

  - A crafted NTFS image can cause an integer overflow in memmove, leading to a heap-based buffer overflow in     the function ntfs_attr_record_resize, in NTFS-3G < 2021.8.22. (CVE-2021-39254)

  - A crafted NTFS image can trigger an out-of-bounds read, caused by an invalid attribute in     ntfs_attr_find_in_attrdef, in NTFS-3G < 2021.8.22. (CVE-2021-39255)

  - A crafted NTFS image can cause a heap-based buffer overflow in ntfs_inode_lookup_by_name in NTFS-3G <     2021.8.22. (CVE-2021-39256)

  - A crafted NTFS image with an unallocated bitmap can lead to a endless recursive function call chain     (starting from ntfs_attr_pwrite), causing stack consumption in NTFS-3G < 2021.8.22. (CVE-2021-39257)

  - A crafted NTFS image can cause out-of-bounds reads in ntfs_attr_find and ntfs_external_attr_find in     NTFS-3G < 2021.8.22. (CVE-2021-39258)

  - A crafted NTFS image can trigger an out-of-bounds access, caused by an unsanitized attribute length in     ntfs_inode_lookup_by_name, in NTFS-3G < 2021.8.22. (CVE-2021-39259)

  - A crafted NTFS image can cause an out-of-bounds access in ntfs_inode_sync_standard_information in NTFS-3G     < 2021.8.22. (CVE-2021-39260)

  - A crafted NTFS image can cause a heap-based buffer overflow in ntfs_compressed_pwrite in NTFS-3G <     2021.8.22. (CVE-2021-39261)

  - A crafted NTFS image can cause an out-of-bounds access in ntfs_decompress in NTFS-3G < 2021.8.22.
    (CVE-2021-39262)

  - A crafted NTFS image can trigger a heap-based buffer overflow, caused by an unsanitized attribute in     ntfs_get_attribute_value, in NTFS-3G < 2021.8.22. (CVE-2021-39263)

Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.

The remote Redhat Enterprise Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2021:3704 advisory.

    The Advanced Virtualization module provides the user-space component for running virtual machines that use     KVM in environments managed by Red Hat products.

    Security Fix(es):

    * QEMU: usbredir: free() call on invalid pointer in bufp_alloc() (CVE-2021-3682)

    * ntfs-3g: Out-of-bounds heap buffer access in ntfs_get_attribute_value() due to incorrect check of     bytes_in_use value in MFT records (CVE-2021-33285)

    * ntfs-3g: Heap buffer overflow triggered by a specially crafted Unicode string (CVE-2021-33286)

    * ntfs-3g: Heap buffer overflow in ntfs_attr_pread_i() triggered by specially crafted NTFS attributes     (CVE-2021-33287)

    * ntfs-3g: Heap buffer overflow triggered by a specially crafted MFT section (CVE-2021-33289)

    * ntfs-3g: Heap buffer overflow triggered by a specially crafted NTFS inode pathname (CVE-2021-35266)

    * ntfs-3g: Stack buffer overflow triggered when correcting differences between MFT and MFTMirror sections     (CVE-2021-35267)

    * ntfs-3g: Heap buffer overflow in ntfs_inode_real_open() triggered by a specially crafted NTFS inode     (CVE-2021-35268)

    * ntfs-3g: Heap buffer overflow in ntfs_attr_setup_flag() triggered by a specially crafted NTFS attribute     from MFT (CVE-2021-35269)

    * ntfs-3g: NULL pointer dereference in ntfs_extent_inode_open() (CVE-2021-39251)

    * ntfs-3g: Out-of-bounds read in ntfs_ie_lookup() (CVE-2021-39252)

    * ntfs-3g: Out-of-bounds read in ntfs_runlists_merge_i() (CVE-2021-39253)

    * ntfs-3g: Integer overflow in memmove() leading to heap buffer overflow in ntfs_attr_record_resize()     (CVE-2021-39254)

    * ntfs-3g: Out-of-bounds read ntfs_attr_find_in_attrdef() triggered by an invalid attribute     (CVE-2021-39255)

    * ntfs-3g: Heap buffer overflow in ntfs_inode_lookup_by_name() (CVE-2021-39256)

    * ntfs-3g: Endless recursion from ntfs_attr_pwrite() triggered by an unallocated bitmap (CVE-2021-39257)

    * ntfs-3g: Out-of-bounds reads in ntfs_attr_find() and ntfs_external_attr_find() (CVE-2021-39258)

    * ntfs-3g: Out-of-bounds access in ntfs_inode_lookup_by_name() caused by an unsanitized attribute length     (CVE-2021-39259)

    * ntfs-3g: Out-of-bounds access in ntfs_inode_sync_standard_information() (CVE-2021-39260)

    * ntfs-3g: Heap buffer overflow in ntfs_compressed_pwrite() (CVE-2021-39261)

    * ntfs-3g: Out-of-bounds access in ntfs_decompress() (CVE-2021-39262)

    * ntfs-3g: Heap buffer overflow in ntfs_get_attribute_value() caused by an unsanitized attribute     (CVE-2021-39263)

    * libvirt: Insecure sVirt label generation (CVE-2021-3631)

    * libvirt: Improper locking on ACL failure in virStoragePoolLookupByTargetPath API (CVE-2021-3667)

    For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and     other related information, refer to the CVE page(s) listed in the References section.

Tenable has extracted the preceding description block directly from the Red Hat Enterprise Linux security advisory.

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

The remote Redhat Enterprise Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2021:3703 advisory.

    The Advanced Virtualization module provides the user-space component for running virtual machines that use     KVM in environments managed by Red Hat products.

    Security Fix(es):

    * QEMU: usbredir: free() call on invalid pointer in bufp_alloc() (CVE-2021-3682)

    * ntfs-3g: Out-of-bounds heap buffer access in ntfs_get_attribute_value() due to incorrect check of     bytes_in_use value in MFT records (CVE-2021-33285)

    * ntfs-3g: Heap buffer overflow triggered by a specially crafted Unicode string (CVE-2021-33286)

    * ntfs-3g: Heap buffer overflow in ntfs_attr_pread_i() triggered by specially crafted NTFS attributes     (CVE-2021-33287)

    * ntfs-3g: Heap buffer overflow triggered by a specially crafted MFT section (CVE-2021-33289)

    * ntfs-3g: Heap buffer overflow triggered by a specially crafted NTFS inode pathname (CVE-2021-35266)

    * ntfs-3g: Stack buffer overflow triggered when correcting differences between MFT and MFTMirror sections     (CVE-2021-35267)

    * ntfs-3g: Heap buffer overflow in ntfs_inode_real_open() triggered by a specially crafted NTFS inode     (CVE-2021-35268)

    * ntfs-3g: Heap buffer overflow in ntfs_attr_setup_flag() triggered by a specially crafted NTFS attribute     from MFT (CVE-2021-35269)

    * ntfs-3g: NULL pointer dereference in ntfs_extent_inode_open() (CVE-2021-39251)

    * ntfs-3g: Out-of-bounds read in ntfs_ie_lookup() (CVE-2021-39252)

    * ntfs-3g: Out-of-bounds read in ntfs_runlists_merge_i() (CVE-2021-39253)

    * ntfs-3g: Integer overflow in memmove() leading to heap buffer overflow in ntfs_attr_record_resize()     (CVE-2021-39254)

    * ntfs-3g: Out-of-bounds read ntfs_attr_find_in_attrdef() triggered by an invalid attribute     (CVE-2021-39255)

    * ntfs-3g: Heap buffer overflow in ntfs_inode_lookup_by_name() (CVE-2021-39256)

    * ntfs-3g: Endless recursion from ntfs_attr_pwrite() triggered by an unallocated bitmap (CVE-2021-39257)

    * ntfs-3g: Out-of-bounds reads in ntfs_attr_find() and ntfs_external_attr_find() (CVE-2021-39258)

    * ntfs-3g: Out-of-bounds access in ntfs_inode_lookup_by_name() caused by an unsanitized attribute length     (CVE-2021-39259)

    * ntfs-3g: Out-of-bounds access in ntfs_inode_sync_standard_information() (CVE-2021-39260)

    * ntfs-3g: Heap buffer overflow in ntfs_compressed_pwrite() (CVE-2021-39261)

    * ntfs-3g: Out-of-bounds access in ntfs_decompress() (CVE-2021-39262)

    * ntfs-3g: Heap buffer overflow in ntfs_get_attribute_value() caused by an unsanitized attribute     (CVE-2021-39263)

    * QEMU: net: Infinite loop in loopback mode may lead to stack overflow (CVE-2021-3416)

    * libvirt: Insecure sVirt label generation (CVE-2021-3631)

    * libvirt: Improper locking on ACL failure in virStoragePoolLookupByTargetPath API (CVE-2021-3667)

    For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and     other related information, refer to the CVE page(s) listed in the References section.

    Bug Fix(es):

    * SAP/3TB VM migration slowness [idle db] (BZ#1984458)

    * Detecting TSC timer frequencies requires too many privileges (BZ#1996130)

Tenable has extracted the preceding description block directly from the Red Hat Enterprise Linux security advisory.

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

The remote Debian 10 / 11 host has packages installed that are affected by multiple vulnerabilities as referenced in the dsa-4971 advisory.

    Several vulnerabilities were discovered in NTFS-3G, a read-write NTFS driver for FUSE. A local user can     take advantage of these flaws for local root privilege escalation. For the oldstable distribution     (buster), these problems have been fixed in version 1:2017.3.23AR.3-3+deb10u1. For the stable distribution     (bullseye), these problems have been fixed in version 1:2017.3.23AR.3-4+deb11u1. We recommend that you     upgrade your ntfs-3g packages. For the detailed security status of ntfs-3g please refer to its security     tracker page at: https://security-tracker.debian.org/tracker/ntfs-3g

Tenable has extracted the preceding description block directly from the Debian security advisory.

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

The version of ntfs-3g installed on the remote host is prior to 2021.8.22. It is, therefore, affected by multiple vulnerabilities as referenced in the SSA:2021-243-01 advisory.

  - A crafted NTFS image can trigger a heap-based buffer overflow, caused by an unsanitized attribute in     ntfs_get_attribute_value, in NTFS-3G < 2021.8.22. (CVE-2021-39263)

  - In NTFS-3G versions < 2021.8.22, when a specially crafted unicode string is supplied in an NTFS image a     heap buffer overflow can occur and allow for code execution. (CVE-2021-33286)

  - In NTFS-3G versions < 2021.8.22, when specially crafted NTFS attributes are read in the function     ntfs_attr_pread_i, a heap buffer overflow can occur and allow for writing to arbitrary memory or denial of     service of the application. (CVE-2021-33287)

  - In NTFS-3G versions < 2021.8.22, when a specially crafted MFT section is supplied in an NTFS image a heap     buffer overflow can occur and allow for code execution. (CVE-2021-33289)

  - In NTFS-3G versions < 2021.8.22, when a specially crafted NTFS inode pathname is supplied in an NTFS image     a heap buffer overflow can occur resulting in memory disclosure, denial of service and even code     execution. (CVE-2021-35266)

Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.

ID	Name	Product	Family	Severity
236413	Alibaba Cloud Linux 3 : 0168: virt:rhel and virt-devel:rhel (ALINUX3-SA-2022:0168)	Nessus	Alibaba Cloud Linux Local Security Checks	high
224080	Linux Distros Unpatched Vulnerability : CVE-2021-39254	Nessus	Misc.	high
206824	Nutanix AHV : Multiple Vulnerabilities (NXSA-AHV-20230302.101026)	Nessus	Misc.	medium
206823	Nutanix AHV : Multiple Vulnerabilities (NXSA-AHV-20230302.100173)	Nessus	Misc.	low
184718	Rocky Linux 8 : virt:rhel and virt-devel:rhel (RLSA-2022:1759)	Nessus	Rocky Linux Local Security Checks	high
169841	GLSA-202301-01 : NTFS-3G: Multiple Vulnerabilities	Nessus	Gentoo Local Security Checks	high
161302	Oracle Linux 8 : virt:ol / and / virt-devel:ol (ELSA-2022-1759)	Nessus	Oracle Linux Local Security Checks	high
161144	AlmaLinux 8 : virt:rhel and virt-devel:rhel (ALSA-2022:1759)	Nessus	Alma Linux Local Security Checks	high
161052	RHEL 8 : virt:rhel and virt-devel:rhel (RHSA-2022:1759)	Nessus	Red Hat Local Security Checks	high
160913	CentOS 8 : virt:rhel and virt-devel:rhel (CESA-2022:1759)	Nessus	CentOS Local Security Checks	high
156304	EulerOS 2.0 SP8 : ntfs-3g (EulerOS-SA-2021-2807)	Nessus	Huawei Local Security Checks	high
155439	Debian DLA-2819-1 : ntfs-3g - LTS security update	Nessus	Debian Local Security Checks	high
153804	RHEL 8 : virt:8.2 and virt-devel:8.2 (RHSA-2021:3704)	Nessus	Red Hat Local Security Checks	high
153803	RHEL 8 : virt:av and virt-devel:av (RHSA-2021:3703)	Nessus	Red Hat Local Security Checks	high
153182	Debian DSA-4971-1 : ntfs-3g - security update	Nessus	Debian Local Security Checks	high
152969	Slackware Linux 14.2 / current ntfs-3g Multiple Vulnerabilities (SSA:2021-243-01)	Nessus	Slackware Local Security Checks	high

Detections

Analytics

CVE-2021-39254

high

Tenable Plugins

high

high

medium

low

high

high

high

high

high

high

high

high

high

high

high

high