Published: 07/09/2021 Updated: 13/01/2023

CVSS v2 Base Score: 6.9 | Impact Score: 10 | Exploitability Score: 3.4

CVSS v3 Base Score: 7.8 | Impact Score: 5.9 | Exploitability Score: 1.8

VMScore: 614

Vector: AV:L/AC:M/Au:N/C:C/I:C/A:C

Security vulnerabilities were identified in NTFS-3G. These vulnerabilities may allow an attacker using a maliciously crafted NTFS-formatted image file or external storage to potentially execute arbitrary privileged code, if the attacker has either local access and the ntfs-3g binary is setuid root, or if the attacker has physical access to an external port to a computer which is configured to run the ntfs-3g binary or one of the ntfsprogs tools when the external storage is plugged into the computer. These vulnerabilities result from incorrect validation of some of the NTFS metadata that could potentially cause buffer overflows, which could be exploited by an attacker. Common ways for malicious users to gain physical access to a machine is through social engineering or an evil maid attack on an unattended computer.

Vulnerable Product	Search on Vulmon	Subscribe to Product
tuxera ntfs-3g
debian debian linux 9.0
debian debian linux 10.0
debian debian linux 11.0

Synopsis Moderate: virt:rhel and virt-devel:rhel security, bug fix, and enhancement update Type/Severity Security Advisory: Moderate Red Hat Insights patch analysis Identify and remediate systems affected by this advisory View affected systems Topic An update for the virt:rhel and virt-devel:rhel modules is now available for Red Ha ...

Debian Bug report logs - #988386 ntfs-3g: CVE-2021-33285 CVE-2021-35269 CVE-2021-35268 CVE-2021-33289 CVE-2021-33286 CVE-2021-35266 CVE-2021-33287 CVE-2021-35267 CVE-2021-39251 CVE-2021-39252 CVE-2021-39253 CVE-2021-39254 CVE-2021-39255 CVE-2021-39256 CVE-2021-39257 CVE-2021-39258 CVE-2021-39259 CVE-2021-39260 CVE-2021-39261 CVE-2021-39262 CVE-202 ...

Several vulnerabilities were discovered in NTFS-3G, a read-write NTFS driver for FUSE A local user can take advantage of these flaws for local root privilege escalation For the oldstable distribution (buster), these problems have been fixed in version 1:2017323AR3-3+deb10u1 For the stable distribution (bullseye), these problems have been fixe ...

No description is available for this CVE ...

Security vulnerabilities were identified in NTFS-3G These vulnerabilities may allow an attacker using a maliciously crafted NTFS-formatted image file or external storage to potentially execute arbitrary privileged code, if the attacker has either local access and the ntfs-3g binary is setuid root, or if the attacker has physical access to an exter ...

CWE-787 http://ntfs-3g.com https://github.com/tuxera/ntfs-3g/security/advisories/GHSA-q759-8j5v-q5jp http://www.openwall.com/lists/oss-security/2021/08/30/1 https://www.debian.org/security/2021/dsa-4971 https://lists.debian.org/debian-lts-announce/2021/11/msg00013.html https://security.gentoo.org/glsa/202301-01 https://access.redhat.com/errata/RHSA-2022:1759 https://nvd.nist.gov https://www.debian.org/security/2021/dsa-4971 https://security.archlinux.org/CVE-2021-33286

CVE-2021-33286

Vulnerability Summary

Vulnerability Trend

Vendor Advisories

References

Vulmon Search

About

Products

Connect