6.9 Medium
CVSS2
Attack Vector
LOCAL
Attack Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
COMPLETE
Integrity Impact
COMPLETE
Availability Impact
COMPLETE
AV:L/AC:M/Au:N/C:C/I:C/A:C
7.8 High
CVSS3
Attack Vector
LOCAL
Attack Complexity
LOW
Privileges Required
LOW
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
0.001 Low
EPSS
Percentile
36.4%
According to the versions of the ntfs-3g packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities :
In NTFS-3G versions < 2021.8.22, when a specially crafted NTFS attribute is supplied to the function ntfs_get_attribute_value, a heap buffer overflow can occur allowing for memory disclosure or denial of service. The vulnerability is caused by an out-of-bound buffer access which can be triggered by mounting a crafted ntfs partition. The root cause is a missing consistency check after reading an MFT record : the ‘bytes_in_use’ field should be less than the ‘bytes_allocated’ field. When it is not, the parsing of the records proceeds into the wild. (CVE-2021-33285)
In NTFS-3G versions < 2021.8.22, when specially crafted NTFS attributes are read in the function ntfs_attr_pread_i, a heap buffer overflow can occur and allow for writing to arbitrary memory or denial of service of the application. (CVE-2021-33287)
In NTFS-3G versions < 2021.8.22, when a specially crafted MFT section is supplied in an NTFS image a heap buffer overflow can occur and allow for code execution. (CVE-2021-33289)
In NTFS-3G versions < 2021.8.22, when a specially crafted NTFS inode pathname is supplied in an NTFS image a heap buffer overflow can occur resulting in memory disclosure, denial of service and even code execution. (CVE-2021-35266)
NTFS-3G versions < 2021.8.22, a stack buffer overflow can occur when correcting differences in the MFT and MFTMirror allowing for code execution or escalation of privileges when setuid-root. (CVE-2021-35267)
In NTFS-3G versions < 2021.8.22, when a specially crafted NTFS inode is loaded in the function ntfs_inode_real_open, a heap buffer overflow can occur allowing for code execution and escalation of privileges. (CVE-2021-35268)
NTFS-3G versions < 2021.8.22, when a specially crafted NTFS attribute from the MFT is setup in the function ntfs_attr_setup_flag, a heap buffer overflow can occur allowing for code execution and escalation of privileges. (CVE-2021-35269)
A crafted NTFS image can cause a NULL pointer dereference in ntfs_extent_inode_open in NTFS-3G < 2021.8.22. (CVE-2021-39251)
A crafted NTFS image can cause an out-of-bounds read in ntfs_ie_lookup in NTFS-3G < 2021.8.22.
(CVE-2021-39252)
A crafted NTFS image can cause an out-of-bounds read in ntfs_runlists_merge_i in NTFS-3G < 2021.8.22.
(CVE-2021-39253)
A crafted NTFS image can cause an integer overflow in memmove, leading to a heap-based buffer overflow in the function ntfs_attr_record_resize, in NTFS-3G < 2021.8.22. (CVE-2021-39254)
Note that Tenable Network Security has extracted the preceding description block directly from the EulerOS security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
#%NASL_MIN_LEVEL 70300
##
# (C) Tenable Network Security, Inc.
##
include('deprecated_nasl_level.inc');
include('compat.inc');
if (description)
{
script_id(156304);
script_version("1.4");
script_set_attribute(attribute:"plugin_modification_date", value:"2023/04/17");
script_cve_id(
"CVE-2021-33285",
"CVE-2021-33287",
"CVE-2021-33289",
"CVE-2021-35266",
"CVE-2021-35267",
"CVE-2021-35268",
"CVE-2021-35269",
"CVE-2021-39251",
"CVE-2021-39252",
"CVE-2021-39253",
"CVE-2021-39254"
);
script_name(english:"EulerOS 2.0 SP8 : ntfs-3g (EulerOS-SA-2021-2807)");
script_set_attribute(attribute:"synopsis", value:
"The remote EulerOS host is missing multiple security updates.");
script_set_attribute(attribute:"description", value:
"According to the versions of the ntfs-3g packages installed, the EulerOS installation on the remote host is affected by
the following vulnerabilities :
- In NTFS-3G versions < 2021.8.22, when a specially crafted NTFS attribute is supplied to the function
ntfs_get_attribute_value, a heap buffer overflow can occur allowing for memory disclosure or denial of
service. The vulnerability is caused by an out-of-bound buffer access which can be triggered by mounting a
crafted ntfs partition. The root cause is a missing consistency check after reading an MFT record : the
'bytes_in_use' field should be less than the 'bytes_allocated' field. When it is not, the parsing of the
records proceeds into the wild. (CVE-2021-33285)
- In NTFS-3G versions < 2021.8.22, when specially crafted NTFS attributes are read in the function
ntfs_attr_pread_i, a heap buffer overflow can occur and allow for writing to arbitrary memory or denial of
service of the application. (CVE-2021-33287)
- In NTFS-3G versions < 2021.8.22, when a specially crafted MFT section is supplied in an NTFS image a heap
buffer overflow can occur and allow for code execution. (CVE-2021-33289)
- In NTFS-3G versions < 2021.8.22, when a specially crafted NTFS inode pathname is supplied in an NTFS image
a heap buffer overflow can occur resulting in memory disclosure, denial of service and even code
execution. (CVE-2021-35266)
- NTFS-3G versions < 2021.8.22, a stack buffer overflow can occur when correcting differences in the MFT and
MFTMirror allowing for code execution or escalation of privileges when setuid-root. (CVE-2021-35267)
- In NTFS-3G versions < 2021.8.22, when a specially crafted NTFS inode is loaded in the function
ntfs_inode_real_open, a heap buffer overflow can occur allowing for code execution and escalation of
privileges. (CVE-2021-35268)
- NTFS-3G versions < 2021.8.22, when a specially crafted NTFS attribute from the MFT is setup in the
function ntfs_attr_setup_flag, a heap buffer overflow can occur allowing for code execution and escalation
of privileges. (CVE-2021-35269)
- A crafted NTFS image can cause a NULL pointer dereference in ntfs_extent_inode_open in NTFS-3G <
2021.8.22. (CVE-2021-39251)
- A crafted NTFS image can cause an out-of-bounds read in ntfs_ie_lookup in NTFS-3G < 2021.8.22.
(CVE-2021-39252)
- A crafted NTFS image can cause an out-of-bounds read in ntfs_runlists_merge_i in NTFS-3G < 2021.8.22.
(CVE-2021-39253)
- A crafted NTFS image can cause an integer overflow in memmove, leading to a heap-based buffer overflow in
the function ntfs_attr_record_resize, in NTFS-3G < 2021.8.22. (CVE-2021-39254)
Note that Tenable Network Security has extracted the preceding description block directly from the EulerOS security
advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional
issues.");
# https://developer.huaweicloud.com/ict/en/site-euleros/euleros/security-advisories/EulerOS-SA-2021-2807
script_set_attribute(attribute:"see_also", value:"http://www.nessus.org/u?f80da2b7");
script_set_attribute(attribute:"solution", value:
"Update the affected ntfs-3g packages.");
script_set_cvss_base_vector("CVSS2#AV:L/AC:M/Au:N/C:C/I:C/A:C");
script_set_cvss_temporal_vector("CVSS2#E:H/RL:OF/RC:C");
script_set_cvss3_base_vector("CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H");
script_set_cvss3_temporal_vector("CVSS:3.0/E:H/RL:O/RC:C");
script_set_attribute(attribute:"cvss_score_source", value:"CVE-2021-39254");
script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available");
script_set_attribute(attribute:"exploit_available", value:"true");
script_set_attribute(attribute:"exploited_by_malware", value:"true");
script_set_attribute(attribute:"vuln_publication_date", value:"2021/09/07");
script_set_attribute(attribute:"patch_publication_date", value:"2021/12/25");
script_set_attribute(attribute:"plugin_publication_date", value:"2021/12/25");
script_set_attribute(attribute:"plugin_type", value:"local");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:huawei:euleros:ntfs-3g");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:huawei:euleros:ntfsprogs");
script_set_attribute(attribute:"cpe", value:"cpe:/o:huawei:euleros:2.0");
script_end_attributes();
script_category(ACT_GATHER_INFO);
script_family(english:"Huawei Local Security Checks");
script_copyright(english:"This script is Copyright (C) 2021-2023 and is owned by Tenable, Inc. or an Affiliate thereof.");
script_dependencies("ssh_get_info.nasl");
script_require_keys("Host/local_checks_enabled", "Host/EulerOS/release", "Host/EulerOS/rpm-list", "Host/EulerOS/sp");
script_exclude_keys("Host/EulerOS/uvp_version");
exit(0);
}
include("audit.inc");
include("global_settings.inc");
include("rpm.inc");
if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
var release = get_kb_item("Host/EulerOS/release");
if (isnull(release) || release !~ "^EulerOS") audit(AUDIT_OS_NOT, "EulerOS");
var uvp = get_kb_item("Host/EulerOS/uvp_version");
if (release !~ "^EulerOS release 2\.0(\D|$)") audit(AUDIT_OS_NOT, "EulerOS 2.0 SP8");
var sp = get_kb_item("Host/EulerOS/sp");
if (isnull(sp) || sp !~ "^(8)$") audit(AUDIT_OS_NOT, "EulerOS 2.0 SP8");
if (!empty_or_null(uvp)) audit(AUDIT_OS_NOT, "EulerOS 2.0 SP8", "EulerOS UVP " + uvp);
if (!get_kb_item("Host/EulerOS/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);
var cpu = get_kb_item("Host/cpu");
if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$" && "aarch64" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "EulerOS", cpu);
if ("aarch64" >!< cpu) audit(AUDIT_ARCH_NOT, "aarch64", cpu);
var flag = 0;
var pkgs = [
"ntfs-3g-2017.3.23-8.h3.eulerosv2r8",
"ntfsprogs-2017.3.23-8.h3.eulerosv2r8"
];
foreach (var pkg in pkgs)
if (rpm_check(release:"EulerOS-2.0", sp:"8", reference:pkg)) flag++;
if (flag)
{
security_report_v4(
port : 0,
severity : SECURITY_WARNING,
extra : rpm_report_get()
);
exit(0);
}
else
{
var tested = pkg_tests_get();
if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
else audit(AUDIT_PACKAGE_NOT_INSTALLED, "ntfs-3g");
}
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-33285
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-33287
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-33289
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-35266
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-35267
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-35268
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-35269
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-39251
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-39252
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-39253
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-39254
www.nessus.org/u?f80da2b7
6.9 Medium
CVSS2
Attack Vector
LOCAL
Attack Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
COMPLETE
Integrity Impact
COMPLETE
Availability Impact
COMPLETE
AV:L/AC:M/Au:N/C:C/I:C/A:C
7.8 High
CVSS3
Attack Vector
LOCAL
Attack Complexity
LOW
Privileges Required
LOW
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
0.001 Low
EPSS
Percentile
36.4%