PT-2015-5360 · Libext2Fs+4 · Libext2Fs+4

Jose Duart

·

Publicado

2015-02-16

·

Atualizado

2018-07-28

·

CVE-2015-1572

CVSS v2.0

4.6

Média

VetorAV:L/AC:L/Au:N/C:P/I:P/A:P
Name of the Vulnerable Software and Affected Versions e2fsprogs versions prior to 1.42.12
Description The issue is related to a heap-based buffer overflow in the closefs.c file within the libext2fs library. This allows local users to execute arbitrary code by causing a crafted block group descriptor to be marked as dirty. The problem exists due to an incomplete fix for a previous issue.
Recommendations For versions prior to 1.42.12, update to version 1.42.12 or later to resolve the issue. As a temporary workaround, consider restricting access to the libext2fs library to minimize the risk of exploitation.

Correção

Buffer Overflow

Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾
dbugs@ptsecurity.com

Enumeração de Fraquezas

CWE-119

Identificadores relacionados

ALT-PU-2015-2007
CVE-2015-1572
DLA-162-1
DSA-3166-1
MGASA-2015-0088
OPENSUSE-SU-2018_2133-1
SUSE-SU-2015:1341-1
SUSE-SU-2015:1364-1
SUSE-SU-2018:1987-1
USN-2507-1

Produtos afetados

Alt Linux
Suse
Ubuntu
E2Fsprogs
Libext2Fs