
All times are UTC




 Post subject: [Fixed][CVE-2007-5497] e2fsprogs < 1.40.3, arbitrary code execution
Posted: Wed Dec 12, 2007 12:41 am
Master of the known universe

Joined: Thu Mar 29, 2007 2:34 am
Posts: 1253
Location: Taiwan
Quote:
Multiple integer overflows in libext2fs in e2fsprogs before 1.40.3 allow user-assisted remote attackers to execute arbitrary code via a crafted filesystem image.


According to Ubuntu Security Notice-555-1 (Dec. 8, 2007):
Quote:
Rafal Wojtczuk discovered multiple integer overflows in e2fsprogs. If a user or automated system were tricked into fscking a malicious ext2/ext3 filesystem, a remote attacker could execute arbitrary code with the user's privileges.


Since this attack is somewhat difficult to achieve remotely (yet still doable; it requires voluntary interaction from users), it's only rated as "Medium" by the NVD (National Vulnerability Database, U.S.A.). I checked and found that the e2fsprogs in the Zenwalk CURRENT repository is still 1.40.2. Maybe we should update this in 5.0.

!8!

_________________
Wisdom begins in wonder. -- Socrates


Last edited by infwonder on Thu Jan 24, 2008 5:15 am, edited 1 time in total.
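
The bug class named in the advisory quoted above (an integer overflow in a size computed from fields of an untrusted filesystem image), shown as an added example that is not part of the original thread and is not e2fsprogs code. The struct, field names, functions and the size limit are hypothetical, and the sample headers are constructed.

```c
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>

/* Hypothetical header read from an untrusted image; not the ext2 layout. */
struct img_header {
    uint32_t entry_count;   /* attacker-controlled */
    uint32_t entry_size;    /* attacker-controlled */
};

/* Constructed sanity limit for this example. */
#define MAX_TABLE_BYTES (1u << 20)

/* Unchecked pattern: the 32-bit product wraps, so the byte count passed to
 * an allocator can be far smaller than entry_count entries need. */
static uint32_t unchecked_table_bytes(const struct img_header *h)
{
    return h->entry_count * h->entry_size;
}

/* Checked pattern: multiply in 64 bits (two 32-bit values cannot overflow
 * it) and reject the image before allocating. Returns 0 on success, -1 if
 * the header is rejected or memory is unavailable. */
static int alloc_table(const struct img_header *h, void **out)
{
    uint64_t bytes = (uint64_t)h->entry_count * h->entry_size;

    *out = NULL;
    if (bytes == 0 || bytes > MAX_TABLE_BYTES)
        return -1;
    *out = calloc(h->entry_count, h->entry_size);
    return *out ? 0 : -1;
}

int main(void)
{
    struct img_header bad = { 0x40000001u, 4u };   /* constructed input */
    struct img_header ok  = { 16u, 32u };          /* constructed input */
    void *p;

    printf("unchecked size for bad header: %u bytes\n",
           (unsigned)unchecked_table_bytes(&bad));
    printf("checked, bad header: %d\n", alloc_table(&bad, &p));
    printf("checked, ok header:  %d\n", alloc_table(&ok, &p));
    free(p);
    return 0;
}
```
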

 
 Post subject: Re: [CVE-2007-5497] e2fsprogs < 1.40.3, arbitrary code execution
Posted: Wed Dec 12, 2007 5:31 pm
Global Moderator

Joined: Sat Aug 05, 2006 9:38 am
Posts: 4570
The package e2fsprogs-1.40.3 is ready; I will put it in the 'FIFO' soon. ;)

_________________
Simplification is not simplicity, I chose the Simplicity


Last edited by gmg on Wed Dec 12, 2007 5:33 pm, edited 1 time in total.

 
 Post subject: Re: [CVE-2007-5497] e2fsprogs < 1.40.3, arbitrary code execution
Posted: Thu Dec 13, 2007 3:21 am
Master of the known universe

Joined: Thu Mar 29, 2007 2:34 am
Posts: 1253
Location: Taiwan
gmg wrote:
The package e2fsprogs-1.40.3 is ready; I will put it in the 'FIFO' soon. ;)


\!D/

_________________
Wisdom begins in wonder. -- Socrates


 