Lumension® Endpoint Intelligence Center

Overview

Vulnerability Score 4.6
CVE Id CVE-2015-0247
Last Modified 10 Sep 2015 12:00:39
Published 17 Feb 2015 10:59:02
Confidentiality Impact PARTIAL
Integrity Impact PARTIAL
Availability Impact PARTIAL
Access Vector LOCAL
Access Complexity LOW
Authentication NONE

CVE-2015-0247

Summary

Heap-based buffer overflow in openfs.c in the libext2fs library in e2fsprogs before 1.42.12 allows local users to execute arbitrary code via crafted block group descriptor data in a filesystem image.

Vulnerable Systems

Operating System

  • Canonical Ubuntu Linux 10.04

  • Canonical Ubuntu Linux 12.04

  • Canonical Ubuntu Linux 14.04

  • Canonical Ubuntu Linux 14.10

  • Debian Linux 7.0

  • Fedoraproject Fedora 20

  • Fedoraproject Fedora 21

Application

  • E2fsprogs Project E2fsprogs 1.42.11


References

MISC - http://www.ocert.org/advisories/ocert-2015-002.html

CONFIRM - https://bugzilla.redhat.com/show_bug.cgi?id=1187032

XF - e2fsprogs-cve20150247-bo(100740)

BID - 72520

BUGTRAQ - 20150205 [oCERT-2015-002] e2fsprogs input sanitization errors

MANDRIVA - MDVSA-2015:045

MISC - http://packetstormsecurity.com/files/130283/e2fsprogs-Input-Sanitization.html

FEDORA - FEDORA-2015-1840

CONFIRM - http://git.kernel.org/cgit/fs/ext2/e2fsprogs.git/commit/?id=f66e6ce4

DEBIAN - DSA-3166

UBUNTU - USN-2507-1

FEDORA - FEDORA-2015-2516

FEDORA - FEDORA-2015-2511

MANDRIVA - MDVSA-2015:067

CONFIRM - http://advisories.mageia.org/MGASA-2015-0061.html

Related Patches

Novell SUSE 2015:10815 e2fsprogs security update for SLES 11 SP3 i586

Novell SUSE 2015:10815 e2fsprogs security update for SLES 11 SP3 x86_64

Novell SUSE 2015:10815 e2fsprogs security update for SLE 11 SP3 i586

Novell SUSE 2015:10815 e2fsprogs security update for SLE 11 SP3 x86_64


Last Updated: 27 May 2016 11:09:49