403441 – (CVE-2007-5497) CVE-2007-5497 e2fsprogs multiple integer overflows

Bug 403441 (CVE-2007-5497) - CVE-2007-5497 e2fsprogs multiple integer overflows

Summary: CVE-2007-5497 e2fsprogs multiple integer overflows

Keywords:
Status:	CLOSED ERRATA
Alias:	CVE-2007-5497
Product:	Security Response
Classification:	Other
Component:	vulnerability
Sub Component:
Version:	unspecified
Hardware:	All
OS:	Linux
Priority:	medium
Severity:	medium
Target Milestone:	---
Assignee:	Red Hat Product Security
QA Contact:
Docs Contact:
URL:
Whiteboard:
Depends On:	414561 414571 414581 414591 414601 414611 414621 414631 414641 414651
Blocks:
TreeView+	depends on / blocked

Reported:	2007-11-28 20:16 UTC by Josh Bressers
Modified:	2023-05-11 12:35 UTC (History)
CC List:	3 users (show)
Fixed In Version:
Clone Of:
Environment:
Last Closed:	2008-01-17 10:08:53 UTC
Embargoed:

Attachments	(Terms of Use)
Proposed upstream patch (10.56 KB, patch) 2007-11-28 20:30 UTC, Josh Bressers	no flags	Details \| Diff
Final upstream patch (11.68 KB, patch) 2007-12-07 07:54 UTC, Tomas Hoger	no flags	Details \| Diff
Show Obsolete (1) View All

Links
System	ID	Private	Priority	Status	Summary	Last Updated
Red Hat Product Errata	RHSA-2008:0003	0	normal	SHIPPED_LIVE	Moderate: e2fsprogs security update	2008-01-07 18:57:42 UTC

Description Josh Bressers 2007-11-28 20:16:27 UTC

Rafal Wojtczuk of McAfee AVERT Research discovered multiple integer overflows in
e2fsprogs.  These flaws could result in the execution of arbitrary code if a
program using libext2fs (e2fsck, dumpe2fs, pygrub) is used to process a
malicious filesystem.

Under normal conditions this practice is not common.  The most plausible attack
would be to leverage this flaw in a virtualized environment to gain access to dom0.

Acknowledgements:

Red Hat would like to thank Rafal Wojtczuk of McAfee Avert Research for responsibly disclosing these issues.

Comment 1 Josh Bressers 2007-11-28 20:30:53 UTC

Created attachment 271731 [details]
Proposed upstream patch

Comment 4 Tomas Hoger 2007-12-06 17:45:18 UTC

This is public now:

https://bugs.launchpad.net/ubuntu/+source/e2fsprogs/+bug/174174
http://www.novell.com/linux/security/advisories/2007_25_sr.html

Comment 6 Tomas Hoger 2007-12-07 07:54:01 UTC

Created attachment 280781 [details]
Final upstream patch

Comment 12 Red Hat Product Security 2008-01-17 10:08:53 UTC

This issue was addressed in:

Red Hat Enterprise Linux:
  http://rhn.redhat.com/errata/RHSA-2008-0003.html

Fedora:
  https://admin.fedoraproject.org/updates/F7/FEDORA-2007-4461
  https://admin.fedoraproject.org/updates/F8/FEDORA-2007-4447

Note You need to log in before you can comment on or make changes to this bug.