what you don't know can hurt you

e2fsprogs Input Sanitization

e2fsprogs Input Sanitization
Posted Feb 6, 2015
Authored by Andrea Barisani, Open Source CERT

The e2fsprogs package is a set of open source utilities for ext2, ext3 and ext4 filesytems. The libext2fs library, part of e2fsprogs and utilized by its utilities, is affected by a boundary check error on block group descriptor information, leading to a heap based buffer overflow. A specially crafted filesystem image can be used to trigger the vulnerability. Versions prior to 1.42.12 are affected.

tags | advisory, overflow
advisories | CVE-2015-0247
MD5 | e869d40ab54c548d2ad978b7cd2d1ffb

e2fsprogs Input Sanitization

Change Mirror Download

#2015-002 e2fsprogs input sanitization errors

Description:

The e2fsprogs package is a set of open source utilities for ext2, ext3 and
ext4 filesytems.

The libext2fs library, part of e2fsprogs and utilized by its utilities, is
affected by a boundary check error on block group descriptor information,
leading to a heap based buffer overflow.

A specially crafted filesystem image can be used to trigger the vulnerability.

Affected version:

e2fsprogs < 1.42.12

Fixed version:

e2fsprogs >= 1.42.12

Credit: vulnerability report from Jose Duart of Google Security Team
<jduart AT google.com>.

CVE: CVE-2015-0247

Timeline:

2015-01-19: vulnerability report received
2015-01-29: contacted affected vendors, assigned CVEs
2015-02-05: advisory release

References:
http://git.kernel.org/cgit/fs/ext2/e2fsprogs.git/commit/?id=f66e6ce4

Permalink:
http://www.ocert.org/advisories/ocert-2015-002.html

--
Andrea Barisani | Founder & Project Coordinator
oCERT | OSS Computer Security Incident Response Team

<lcars@ocert.org> http://www.ocert.org
0x864C9B9E 0A76 074A 02CD E989 CE7F AC3F DA47 578E 864C 9B9E
"Pluralitas non est ponenda sine necessitate"
Login or Register to add favorites

File Archive:

October 2020

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Oct 1st
    25 Files
  • 2
    Oct 2nd
    13 Files
  • 3
    Oct 3rd
    1 Files
  • 4
    Oct 4th
    1 Files
  • 5
    Oct 5th
    15 Files
  • 6
    Oct 6th
    15 Files
  • 7
    Oct 7th
    15 Files
  • 8
    Oct 8th
    11 Files
  • 9
    Oct 9th
    3 Files
  • 10
    Oct 10th
    1 Files
  • 11
    Oct 11th
    1 Files
  • 12
    Oct 12th
    8 Files
  • 13
    Oct 13th
    12 Files
  • 14
    Oct 14th
    23 Files
  • 15
    Oct 15th
    4 Files
  • 16
    Oct 16th
    13 Files
  • 17
    Oct 17th
    1 Files
  • 18
    Oct 18th
    1 Files
  • 19
    Oct 19th
    27 Files
  • 20
    Oct 20th
    41 Files
  • 21
    Oct 21st
    0 Files
  • 22
    Oct 22nd
    0 Files
  • 23
    Oct 23rd
    0 Files
  • 24
    Oct 24th
    0 Files
  • 25
    Oct 25th
    0 Files
  • 26
    Oct 26th
    0 Files
  • 27
    Oct 27th
    0 Files
  • 28
    Oct 28th
    0 Files
  • 29
    Oct 29th
    0 Files
  • 30
    Oct 30th
    0 Files
  • 31
    Oct 31st
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2020 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close