Synopsis:
ntfs-3g security updateSummary:
An update for ntfs-3g is now available for openEuler-20.03-LTS-SP4Description:
NTFS-3G is a stable, open source, GPL licensed, POSIX, read/write NTFS driver for Linux and many other operating systems. It provides safe handling of the Windows XP, Windows Server 2003, Windows 2000, Windows Vista, Windows Server 2008 and Windows 7 NTFS file systems.
Security Fix(es):
A heap buffer overflow exists in ntfs_build_permissions_posix() (acls.c:4011-4027) that allows an attacker to corrupt heap memory in the SUID-root ntfs-3g binary by crafting a malicious NTFS image. The overflow is triggered on the READ path (stat, readdir, open) when processing a security descriptor with multiple ACCESS_DENIED ACEs containing WRITE_OWNER from distinct group SIDs.
The overflow size is attacker-controlled (8 to 14,000+ bytes) and writes partially attacker-controlled data (POSIX_ACE entries with attacker-derived GID values) past the heap allocation. This corrupts adjacent glibc heap chunk metadata, as confirmed by a crash in _int_free() with "free(): corrupted unsorted chunks".(CVE-2026-40706)Topic:
An update for ntfs-3g is now available for openEuler-20.03-LTS-SP4.
openEuler Security has rated this update as having a security impact of high. A Common Vunlnerability Scoring System(CVSS)base score,which gives a detailed severity rating, is available for each vulnerability from the CVElink(s) in the References section.Severity:
HighAffected Component:
ntfs-3g
2022.5.17-4.oe2003sp42022.5.17-4.oe2003sp42022.5.17-4.oe2003sp42022.5.17-4.oe2003sp42022.5.17-4.oe2003sp4Exploitability
AV:LAC:LPR:NUI:NScope
S:UImpact
C:HI:HA:H8.4/CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H