The remote SUSE Linux SLED12 / SLES12 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2021:2965-1 advisory.

  - Jann Horn of Google Project Zero discovered that NTFS-3G, a read-write NTFS driver for FUSE, does not     scrub the environment before executing modprobe with elevated privileges. A local user can take advantage     of this flaw for local root privilege escalation. (CVE-2017-0358)

  - An integer underflow issue exists in ntfs-3g 2017.3.23. A local attacker could potentially exploit this by     running /bin/ntfs-3g with specially crafted arguments from a specially crafted directory to cause a heap     buffer overflow, resulting in a crash or the ability to execute arbitrary code. In installations where     /bin/ntfs-3g is a setuid-root binary, this could lead to a local escalation of privileges. (CVE-2019-9755)

  - In NTFS-3G versions < 2021.8.22, when a specially crafted NTFS attribute is supplied to the function     ntfs_get_attribute_value, a heap buffer overflow can occur allowing for memory disclosure or denial of     service. The vulnerability is caused by an out-of-bound buffer access which can be triggered by mounting a     crafted ntfs partition. The root cause is a missing consistency check after reading an MFT record : the     bytes_in_use field should be less than the bytes_allocated field. When it is not, the parsing of the     records proceeds into the wild. (CVE-2021-33285)

  - In NTFS-3G versions < 2021.8.22, when a specially crafted unicode string is supplied in an NTFS image a     heap buffer overflow can occur and allow for code execution. (CVE-2021-33286)

  - In NTFS-3G versions < 2021.8.22, when specially crafted NTFS attributes are read in the function     ntfs_attr_pread_i, a heap buffer overflow can occur and allow for writing to arbitrary memory or denial of     service of the application. (CVE-2021-33287)

  - In NTFS-3G versions < 2021.8.22, when a specially crafted MFT section is supplied in an NTFS image a heap     buffer overflow can occur and allow for code execution. (CVE-2021-33289)

  - In NTFS-3G versions < 2021.8.22, when a specially crafted NTFS inode pathname is supplied in an NTFS image     a heap buffer overflow can occur resulting in memory disclosure, denial of service and even code     execution. (CVE-2021-35266)

  - NTFS-3G versions < 2021.8.22, a stack buffer overflow can occur when correcting differences in the MFT and     MFTMirror allowing for code execution or escalation of privileges when setuid-root. (CVE-2021-35267)

  - In NTFS-3G versions < 2021.8.22, when a specially crafted NTFS inode is loaded in the function     ntfs_inode_real_open, a heap buffer overflow can occur allowing for code execution and escalation of     privileges. (CVE-2021-35268)

  - NTFS-3G versions < 2021.8.22, when a specially crafted NTFS attribute from the MFT is setup in the     function ntfs_attr_setup_flag, a heap buffer overflow can occur allowing for code execution and escalation     of privileges. (CVE-2021-35269)

  - A crafted NTFS image can cause a NULL pointer dereference in ntfs_extent_inode_open in NTFS-3G <     2021.8.22. (CVE-2021-39251)

  - A crafted NTFS image can cause an out-of-bounds read in ntfs_ie_lookup in NTFS-3G < 2021.8.22.
    (CVE-2021-39252)

  - A crafted NTFS image can cause an out-of-bounds read in ntfs_runlists_merge_i in NTFS-3G < 2021.8.22.
    (CVE-2021-39253)

  - A crafted NTFS image can trigger an out-of-bounds read, caused by an invalid attribute in     ntfs_attr_find_in_attrdef, in NTFS-3G < 2021.8.22. (CVE-2021-39255)

  - A crafted NTFS image can cause a heap-based buffer overflow in ntfs_inode_lookup_by_name in NTFS-3G <     2021.8.22. (CVE-2021-39256)

  - A crafted NTFS image with an unallocated bitmap can lead to a endless recursive function call chain     (starting from ntfs_attr_pwrite), causing stack consumption in NTFS-3G < 2021.8.22. (CVE-2021-39257)

  - A crafted NTFS image can cause out-of-bounds reads in ntfs_attr_find and ntfs_external_attr_find in     NTFS-3G < 2021.8.22. (CVE-2021-39258)

  - A crafted NTFS image can trigger an out-of-bounds access, caused by an unsanitized attribute length in     ntfs_inode_lookup_by_name, in NTFS-3G < 2021.8.22. (CVE-2021-39259)

  - A crafted NTFS image can cause an out-of-bounds access in ntfs_inode_sync_standard_information in NTFS-3G     < 2021.8.22. (CVE-2021-39260)

  - A crafted NTFS image can cause a heap-based buffer overflow in ntfs_compressed_pwrite in NTFS-3G <     2021.8.22. (CVE-2021-39261)

  - A crafted NTFS image can cause an out-of-bounds access in ntfs_decompress in NTFS-3G < 2021.8.22.
    (CVE-2021-39262)

  - A crafted NTFS image can trigger a heap-based buffer overflow, caused by an unsanitized attribute in     ntfs_get_attribute_value, in NTFS-3G < 2021.8.22. (CVE-2021-39263)

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

Detections

Analytics

SUSE SLED12 / SLES12 Security Update : ntfs-3g_ntfsprogs (SUSE-SU-2021:2965-1)

high Nessus Plugin ID 153124

Version 1.6

Version 1.5

Version 1.4

Version 1.3

Version 1.6 Jul 14, 2023, 10:15 PM Exploit attributes ("Exploited by malware" set to "True") Plugin metadata Plugin Feed: 202307142215
Version 1.5 Jul 12, 2023, 5:37 PM Detection Plugin Feed: 202307121737
Version 1.4 Apr 17, 2023, 4:09 PM CVSS temporal metrics ("CVSSv2 temporal vector" set to "CVSS2#E:H/RL:OF/RC:C". "CVSSv2 temporal vector" set to "CVSS2#E:H/RL:OF/RC:C". "CVSSv3 temporal vector" set to "CVSS:3.0/E:H/RL:O/RC:C". "CVSSv3 temporal vector" set to "CVSS:3.0/E:H/RL:O/RC:C". "CVSSv3 temporal vector" set to "CVSS:3.0/E:H/RL:O/RC:C") CVSSv3 score source (set to "CVE-2021-39263") Exploit attributes ("Exploited by malware" set to "True") Plugin Feed: 202304171609
Version 1.3 Apr 17, 2023, 2:09 PM CVSS temporal metrics ("CVSSv2 temporal vector" set to "CVSS2#E:H/RL:OF/RC:C". "CVSSv2 temporal vector" set to "CVSS2#E:H/RL:OF/RC:C". "CVSSv2 temporal vector" set to "CVSS2#E:H/RL:OF/RC:C". "CVSSv3 temporal vector" set to "CVSS:3.0/E:H/RL:O/RC:C". "CVSSv3 temporal vector" set to "CVSS:3.0/E:H/RL:O/RC:C". "CVSSv3 temporal vector" set to "CVSS:3.0/E:H/RL:O/RC:C". "CVSSv3 temporal vector" set to "CVSS:3.0/E:H/RL:O/RC:C") CVSSv3 score source (set to "CVE-2021-39263") Exploit attributes ("Exploited by malware" set to "True") Plugin Feed: 202304171409