ID de Prueba:	1.3.6.1.4.1.25623.1.1.10.2022.0001
Categoría:	Mageia Linux Local Security Checks
Título:	Mageia: Security Advisory (MGASA-2022-0001)
Resumen:	The remote host is missing an update for the 'libguestfs, ntfs-3g, ntfs-3g-system-compression, partclone, testdisk, wimlib' package(s) announced via the MGASA-2022-0001 advisory.
Descripción:	Summary: The remote host is missing an update for the 'libguestfs, ntfs-3g, ntfs-3g-system-compression, partclone, testdisk, wimlib' package(s) announced via the MGASA-2022-0001 advisory. Vulnerability Insight: Security vulnerabilities were identified in the open source NTFS-3G and NTFSPROGS software. These vulnerabilities may allow an attacker using a maliciously crafted NTFS-formatted image file or external storage to potentially execute arbitrary privileged code, if the attacker has either local access and the ntfs-3g binary is setuid root, or if the attacker has physical access to an external port to a computer which is configured to run the ntfs-3g binary or one of the ntfsprogs tools when the external storage is plugged into the computer. These vulnerabilities result from incorrect validation of some of the NTFS metadata that could potentially cause buffer overflows, which could be exploited by an attacker. Common ways for attackers to gain physical access to a machine is through social engineering or an evil maid attack on an unattended computer. Affected Software/OS: 'libguestfs, ntfs-3g, ntfs-3g-system-compression, partclone, testdisk, wimlib' package(s) on Mageia 8. Solution: Please install the updated package(s). CVSS Score: 6.9 CVSS Vector: AV:L/AC:M/Au:N/C:C/I:C/A:C
Referencia Cruzada:	Common Vulnerability Exposure (CVE) ID: CVE-2021-33285 Debian Security Information: DSA-4971 (Google Search) https://www.debian.org/security/2021/dsa-4971 https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/HSEKTKHO5HFZHWZNJNBJZA56472KRUZI/ https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/766ISTT3KCARKFUIQT7N6WV6T63XOKG3/ https://security.gentoo.org/glsa/202301-01 https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=988386 https://bugzilla.redhat.com/show_bug.cgi?id=2001608 https://github.com/tuxera/ntfs-3g/security/advisories/GHSA-q759-8j5v-q5jp https://www.openwall.com/lists/oss-security/2021/08/30/1 https://lists.debian.org/debian-lts-announce/2021/11/msg00013.html http://www.openwall.com/lists/oss-security/2021/08/30/1 Common Vulnerability Exposure (CVE) ID: CVE-2021-33286 http://ntfs-3g.com Common Vulnerability Exposure (CVE) ID: CVE-2021-33287 http://tuxera.com Common Vulnerability Exposure (CVE) ID: CVE-2021-33289 Common Vulnerability Exposure (CVE) ID: CVE-2021-35266 Common Vulnerability Exposure (CVE) ID: CVE-2021-35267 Common Vulnerability Exposure (CVE) ID: CVE-2021-35268 Common Vulnerability Exposure (CVE) ID: CVE-2021-35269 Common Vulnerability Exposure (CVE) ID: CVE-2021-39251 https://bugzilla.redhat.com/show_bug.cgi?id=2001649 https://github.com/tuxera/ntfs-3g/releases Common Vulnerability Exposure (CVE) ID: CVE-2021-39252 Common Vulnerability Exposure (CVE) ID: CVE-2021-39253 Common Vulnerability Exposure (CVE) ID: CVE-2021-39254 Common Vulnerability Exposure (CVE) ID: CVE-2021-39255 Common Vulnerability Exposure (CVE) ID: CVE-2021-39256 Common Vulnerability Exposure (CVE) ID: CVE-2021-39257 Common Vulnerability Exposure (CVE) ID: CVE-2021-39258 Common Vulnerability Exposure (CVE) ID: CVE-2021-39259 Common Vulnerability Exposure (CVE) ID: CVE-2021-39260 Common Vulnerability Exposure (CVE) ID: CVE-2021-39261 Common Vulnerability Exposure (CVE) ID: CVE-2021-39262 Common Vulnerability Exposure (CVE) ID: CVE-2021-39263
Copyright	Copyright (C) 2022 Greenbone AG

Esta es sólo una de 145615 pruebas de vulnerabilidad en nuestra serie de pruebas. Encuentre más sobre cómo ejecutar una auditoría de seguridad completa. Para ejecutar una prueba gratuita de esta vulnerabilidad contra su sistema, regístrese ahora.